Changelogs

Acunetix Standard & Premium

RSS Feed

v12.0.181115088 - 15 Nov 2018

Version 12 (Linux release build 12.0.181115088) – 15th November 2018

New Features

  • Acunetix release for Linux
  • Acunetix can now test APIs document using Swagger
  • Deepscan has been updated to make use of Chromium
  • Login Sequence Recorder has been updated to make use of Chromium

v12.0.181012141 - 12 Oct 2018

Version 12 (build 12.0.181012141) – 12th October 2018

New Vulnerability Checks

Updates

  • License keys can now be updated via the Acunetix web UI
  • Additional memory improvements
  • Improved exclusion of parameters
  • Multiple updates to existing vulnerability checks
  • Improved CORS origin validation failure checks
  • Improved Pickle Serialization check

Fixes

  • Manual Intervention was not working after a paused scan is resumed
  • Scans for some sites using Digest HTTP Authentication were stopping unexpectedly
  • Additional fixes for issues causing scans exiting unexpectedly
  • Fixed issue causing many product update requests when proxy authentication is incorrectly configured
  • Fixed: Some backup files / folders were not being identified
  • Some vulnerabilities were incorrectly reported in the site root
  • Fixed issue in similar page detection causing scans to take longer than expected
  • Fixed issue causing valid sessions not to be identified correctly during the scan

v12.0.180911134 - 11 Sep 2018

Version 12 (build 12.0.180911134) – 11th September 2018

New Vulnerability Checks

Updates

  • Multiple updates to the SSL checks
  • Various memory optimisations
  • Less requests required to verify AcuMontior checks

Fixes

  • Fixed bug in testing of cookie values
  • Fixed memory issues, causing some scans to exit unexpectedly
  • Fixed bug causing some scans to crash when paused and resumed
  • Fixed issue causing some scans to be aborted immediately because of error status on initial response
  • Fixed issue causing some locations to get omitted from site structure
  • Multiple fixes to import file feature
  • Fixed issue which caused DeepScan not to use all cookies
  • Custom headers were added twice on redirect
  • Fixed issue affecting some sites using SSO

v12.0.180821106 - 22 Aug 2018

Version 12 (build 12.0.180821106) – 22nd August 2018

New Vulnerability checks

Updates

  • Reduced the number of requests required for Web Application Detection
  • Improved the JSON and the Generic document parser
  • Improved handling of non-responsive sites

Fixes

  • Fixed a few infrequent crashes
  • Fixed Malware link checking vulnerability test
  • Fixed issue causing scan to be aborted on redirect to different FQDN for login
  • Fixed issue causing Scan Comparison reports to fail
  • Fixed issue causing the scanner not to crawl certain HTTPs sites correctly when using proxy

v12.0.180801120 - 01 Aug 2018

Version 12 (build 12.0.180801120) - 1st August 2018

Fixes

  • Fixed the detection of some DOMXSS variants
  • Fixed scanner crash

v12.0.180725167 - 26 Jul 2018

Version 12 (build 12.0.180725167) - 26th July 2018

New Features

  • HTTP response is now shown for vulnerabilities detected (only affects new scans)
  • Manual Intervention has been implemented in v12

New Vulnerability checks

  • Added detection of Java Object Deserialization vulnerabilities
  • Added detection for Cisco ASA Path Traversal (CVE-2018-0296)
  • Added tests for misconfigured nginx aliases that can lead to a path traversal
  • Added detection of Spring Security Authentication Bypass Vulnerability (CVE-2016-5007)
  • Added detection of weak/insecure permissions for Atlassian Jira REST interface
  • Added detection of Apache Tomcat Information Disclosure (CVE-2017-12616)
  • Added detection of Spring Data REST Remote Code Execution (CVE-2017-8046)
  • Added detection of Insecure Odoo Web Database Manager
  • Added detection of JBoss Remote Code Execution (CVE-2015-7501 and CVE-2017-7504)
  • Added detection of WebSphere Remote Code Execution (CVE-2015-7450)
  • Updated WordPress Plugin vulnerability detection

Updates

  • Password is no longer required when configuring client certificate for a Target
  • Additional memory optimizations
  • Scanner will now report when the LSR cannot login
  • Application Error Message vulnerability check updated to provide more details on the error
  • Reports, XML exports and WAF exports now use a more meaningful filename
  • Reports now show the status of a scan
  • Scan debug logs now include imported files
  • Increase maximum number of issues trackers that can be configured

Fixes

  • multiple crashes while scanning
  • Scanner will now re-authenticate when website invalidates authentication during scan (applies to HTTP authentication only)
  • Scanner sometimes fails to decode LSR output, leading to an unauthenticated scan
  • Fixed many issues causing vulnerabilities not to be detected or to be detected incorrectly
  • Two fixes affecting the setting of Cookies
  • Fixed issue in RSS parsing
  • Fields with certain characters in the name (such as $) were not being tested
  • Some out of scope paths were still being crawled
  • Fix in the Autologin
  • Upon upgrade, user is asked to “Logout from Other Session”
  • Target and Vulnerabilities reports were failing
  • Recurrent scans for Standard licenses were being disabled
  • some reports were generated without file extension

v12.0.180709159 - 09 Jul 2018

Version 12 (build 12.0.180709159) – 9th July 2018

New Features and Vulnerability tests

Updates

  • Scanner will automatically continue scanning when http redirects to https
  • Improvement in memory usage
  • Acunetix will now hand over DNS resolution to Proxy Server when configured
  • Improved messaging during installation

Fixes

  • Scanner crash in DeepScan
  • Scanner hang when certain LSR files are used
  • Incomplete scans in certain situations, such as when using import files

v12.0.180628131 - 28 Jun 2018

Version 12 (build 12.0.180628131) – 28th June 2018

New Features and Vulnerability tests

Fixes

  • Fixed issue with NTLM HTTP Authentication
  • Fixed issue causing some pages not to load correctly in the LSR
  • Fixed 2 false positives for “User controllable charset” and “User controllable script source”
  • Fixed issue in handling HAR import files

v12.0.180619111 - 19 Jun 2018

Version 12 (build 12.0.180619111) – 19th June 2018

New Features and Vulnerability tests

Fixes

  • Crash dump was sometimes not being created
1 10 11 12 24