Changelogs

Acunetix Standard & Premium

v14.7.220322147 - 28 Mar 2022

Version 14 build 14.7.220322147 for Windows, Linux and macOS – 28th March 2022

New Vulnerability Checks

Updates

  • Engines page in UI now shows the number of Targets bound to a scanning engine
  • Vulnerabilities page in UI shows the Target Tracker Issue Id when the vulnerability is sent to an Issue Tracker
  • Upgraded Chromium to v99.0.4844.0
  • JWT audit checks are now done on GET / POST parameters

Fixes

  • Fixed several Scanner crashes
  • Numerous UI updates / fixes
  • Fixed error when configuring GitHub Issue Trackers
  • Numerous fixes related to CSRF token management
  • Better handling of imported URLs that are excluded in LSR
  • Fixed issue causing pre-request scripts to be renamed, causing import scripts to fail to load

v14.7.220228146 - 01 Mar 2022

Version 14 build 14.7.220228146 for Windows, Linux and macOS – 1st March 2022

New Features

  • .NET IAST Sensor (AcuSensor) can now be installed on .NET Core v3 and v5 on Windows (with Kestrel server)
  • Acunetix Scanner updated to support Routes for frameworks supported by the IAST sensors (AcuSensor)
  • Added support for Laravel framework in PHP IAST Sensor (AcuSensor)
  • Added support for CodeIgniter framework in PHP IAST Sensor (AcuSensor)
  • Added support for Symfony framework in PHP IAST Sensor (AcuSensor)
  • Added support for ASP.NET MVC in .NET Core IAST Sensor (AcuSensor)
  • Added support for Razor Pages in .NET Core in .NET IAST Sensor (AcuSensor)
  • Added support for Web API in .NET Framework and .NET Core IAST Sensors (AcuSensor)
  • Added support for Spring MVC in JAVA IAST Sensor (AcuSensor)
  • Added support for Spring Struts2 in JAVA IAST Sensor (AcuSensor)

New Vulnerability Checks

Updates

  • IAST Sensors (AcuSensor) capabilities have been updated to improve the detection of:
    • Arbitrary File Creation
    • Directory Traversal
    • SQL Injection
    • Remote Code Execution
  • Acunetix will start reporting when an old version of the IAST Sensor (AcuSensor) is installed on the web application
  • Considerable update to the handling of CSRF tokens
  • The Vulnerabilities page now includes a unique Vulnerability ID
  • Multiple UI updates
  • Multiple DeepScan updates

Fixes

  • Fixed issue with GitLab issue types not showing in UI
  • Fixed issue with Amazon AWS WAF export
  • Fixed several scanner crashes
  • Fixed issue with .NET IAST AcuSensor not working on IIS prior to version 10
  • Fixed issue with Node.js IAST AcuSensor causing web application to stop working
  • Fixed ordering issue caused in PDF Comprehensive reports for multiple scans
  • Fixed timeout issue causing IAST data not to reach the Acunetix scanner

v14.6.220117111 - 18 Jan 2022

Version 14 build 14.6.220117111 for Windows, Linux and macOS – 18th January 2022

Updates

  • Updated Python binaries to v3.8.10
  • Updated WordPress plugin and WordPress core vulnerability checks

v14.6.211220100 - 20 Dec 2021

Version 14 build 14.6.211220100 for Windows, Linux and macOS – 20th December 2021

New Vulnerability Checks

  • Apache Log4j RCE vulnerability check updated to detect blind (delayed) instances of the vulnerability

v14.6.211215172 - 16 Dec 2021

Version 14 build 14.6.211215172 for Windows, Linux and macOS – 16th December 2021

New Vulnerability Checks

  • Apache Log4j RCE vulnerability check updated to detect the vulnerability in web server exceptions
  • Apache Log4j RCE vulnerability check updated to execute on various HTTP Headers

Updates

  • Updated the scanner to test custom headers used by the web application

v14.6.211213163 - 13 Dec 2021

Version 14 build 14.6.211213163 for Windows, Linux and macOS – 13th December 2021

New Vulnerability Checks

v14.6.211207099 - 07 Dec 2021

Version 14 build 14.6.211207099 for Windows, Linux and macOS – 7th December 2021

New Features

  • Scanner supports detecting HTTP/2 vulnerabilities

New Vulnerability Checks

Updates

  • Improved handling of Laravel CSRF tokens
  • Added possibility to restrict scanning a Target using the Main Installation’s scanning engine
  • Added ability to configure blocking of requests to Ad services
  • Multiple UI updates
  • Multiple DeepScan updates
  • Multiple updates to the PHP AcuSensor

Fixes

  • Fixed: SQLi false negative caused when AcuSensor is installed
  • Fixed: Incremental scans not starting when scheduled via Jenkins plugin
  • Fixed: 2 issues in .NET sensor injector CLI
  • Fixed: Node.js sensor not working on HTTPS sites
  • Fixed: Not all paths are importing from specific Burp state file
  • Fixed: Scanner crashes when parsing specific GraphQL and Swagger 2 files
  • Fixed: Specific excluded paths can cause the scanner to hang
  • Fixed: Multiple scanner hangs
  • Fixed: Race condition between LSR and BLR
  • Fixed: Imported URLs ignored when site redirects from HTTP to HTTPS
  • Fixed: Incorrect permissions for some Acunetix files / folders on Linux / Mac

v14.5.211115146 - 16 Nov 2021

Version 14 build 14.5.211115146 for Windows, Linux and macOS – 16th November 2021

New Features

  • New OWASP Top 10 2021 compliance report
  • JAVA AcuSensor now supports JDK 11

New Vulnerability Checks

Fixes

  • Fixed issue causing hang in scanner
  • Fixed issue causing some vulnerabilities not to be detected when AcuSensor is enabled and not installed on the web application

v14.5.211109105 - 09 Nov 2021

Version 14 build 14.5.211109105 for Windows, Linux and macOS – 9th November 2021

New Vulnerability Checks

Fixes

  • Fixed issue in .NET AcuSensor CLI parameter used to list the web sites in IIS
  • Fixed issue in Clickjacking: CSP frame-ancestors missing vulnerability check
  • Fixed false positive in Cockpit CMS reset password NoSQLi