v14.7.220425114 - 26 Apr 2022
Copy Link
Copy Link
Version 14 build 14.7.220425114 for Windows, Linux and macOS – 26th April 2022
Updates
- Upgraded Chromium to v100.0.4896.127
v14.7.220401065 - 01 Apr 2022
Copy Link
Copy Link
Version 14 build 14.7.220401065 for Windows, Linux and macOS – 1st April 2022
New Vulnerability checks
- Test for Spring4Shell vulnerability (CVE-2022-22965)
v14.7.220329162 - 30 Mar 2022
Copy Link
Copy Link
Version 14 build 14.7.220329162 for Windows, Linux and macOS – 30th March 2022
Updates
- Upgraded Chromium to v99.0.4844.84
v14.7.220322147 - 28 Mar 2022
Copy Link
Copy Link
Version 14 build 14.7.220322147 for Windows, Linux and macOS – 28th March 2022
New Vulnerability checks
- Test for host CMS Theme Preview XSS (CVE-2021-29484)
Updates
- Engines page in UI now shows the number of Targets bound to a scanning engine
- Vulnerabilities page in UI shows the Target Tracker Issue Id when the vulnerability is sent to an Issue Tracker
- Upgraded Chromium to v99.0.4844.0
- JWT audit checks are now done on GET / POST parameters
Fixes
- Fixed several Scanner crashes
- Numerous UI updates / fixes
- Fixed error when configuring GitHub Issue Trackers
- Numerous fixes related to CSRF token management
- Better handling of imported URLs that are excluded in LSR
- fixed issue causing pre-request scripts to be renamed, causing import scripts not to fail to be loaded
v14.7.220228146 - 01 Mar 2022
Copy Link
Copy Link
Version 14 build 14.7.220228146 for Windows, Linux and macOS – 1st March 2022
New Features
- .NET IAST Sensor (AcuSensor) can now be installed on .NET Core v3 and v5 on Windows (with Kestrel server)
- Acunetix Scanner updated to support Routes for frameworks supported by the IAST sensors (AcuSensor)
- Added support for Laravel framework in PHP IAST Sensor (AcuSensor)
- Added support for CodeIgnitor framework in PHP IAST Sensor (AcuSensor)
- Added support for Symphony framework in PHP IAST Sensor (AcuSensor)
- Added support for ASP.NET MVC in .NET Core IAST Sensor (AcuSensor)
- Added support for Razor Pages in .NET Core in .NET IAST Sensor (AcuSensor)
- Added support for Web API in .NET Framework and .NET Core IAST Sensors (AcuSensor)
- Added support for Spring MVC in JAVA IAST Sensor (AcuSensor)
- Added support for Spring Struts2 in JAVA IAST Sensor (AcuSensor)
New Vulnerability Checks
- Acunetix has been updated to detect the following vulnerabilities using IAST:
- LDAP Injection
- Unsafe Reflection of Untrusted Data
- XPath Injection
- Email Header Injection
- Deserialization of Untrusted Data
- MongoDB Injection
- Server-side template injection (SSTI)
- Server-side request forgery (SSRF)
- Acunetix IAST (AcuSensor) has been updated to detect over 30 new server-side misconfigurations across all sensors
- New check for Magento Config File Disclosure
- New check for BillQuick Web Suite SQL injection (CVE-2021-42258)
- New check for Apache Airflow Experimental API Auth Bypass (CVE-2020-13927)
- New check for Apache Airflow default credentials
- New check for Apache Airflow Exposed configuration
- New check for Apache Airflow Unauthorized Access Vulnerability
- New check for GoCD information disclosure (CVE-2021-43287)
- New check for Grafana Plugin Dir Traversal (CVE-2021-43798)
- New check for NodeBB Arbitrary JSON File Read (CVE-2021-43788)
- New check for ManageEngine Desktop Central Deserialization RCE (CVE-2020–10189)
- New check for SolarWinds Orion API Auth bypass (CVE-2020-10148)
- New check for Citrix ADC NetScaler Local File Inclusion (CVE-2020-8193)
- New check for VMware vCenter vcavbootstrap Arbitrary File Read
- New check for Pentaho API Auth bypass (CVE-2021-31602)
- New check for Sonicwall SMA 100 Unintended proxy (CVE-2021-20042)
- New check for VMware vCenter Log4Shell RCE
- New check for VMware Horizon Log4Shell RCE
- New check for MobileIron Log4Shell RCE
- New check for Ubiquiti Unifi Log4Shell RCE
- New check for Apache OFBiz Log4Shell RCE
- New check for Apache Struts2 Log4Shell RCE
- New check for Apache Solr Log4Shell RCE
- New check for Apache JSPWiki Log4Shell RCE
- New WordPress Core and WordPress plugins checks
Updates
- IAST Sensors (AcuSensor) capabilities have been updated to improve the detection of:
- Arbitrary File Creation
- Directory Traversal
- SQL Injection
- Remote Code Execution
- Acunetix will start reporting when an old version of the IAST Sensor (AcuSensor) is installed on the web application
- Considerable update to the handling of CSRF tokens
- The Vulnerabilities page now includes a unique Vulnerability ID
- Multiple UI updates
- Multiple DeepScan updates
Fixes
- Fixed issue with Gitlab issue types not showing in UI
- Fixed issue with Amazon AWS WAF export
- Fixed several scanner crashes
- Fixed issue with .NET IAST AcuSensor not working on IIS prior to version 10
- Fixed issue with Node.js IAST AcuSensor causing web application to stop working
- Fixed ordering issue caused in PDF Comprehensive reports for multiple scans
- Fixed timeout issue causing IAST data not to reach the Acunetix scanner
v14.6.220117111 - 18 Jan 2022
Copy Link
Copy Link
Version 14 build 14.6.220117111 for Windows, Linux and macOS – 18th January 2022
Updates
- Updated Python binaries to v3.8.10
- Updated WordPress plugin and WordPress core vulnerability checks
v14.6.211220100 - 20 Dec 2021
Copy Link
Copy Link
Version 14 build 14.6.211220100 for Windows, Linux and macOS – 20th December 2021
New Vulnerability Checks
- Apache Log4j RCE vulnerability check updated to detect blind (delayed) instances of the vulnerability
v14.6.211215172 - 16 Dec 2021
Copy Link
Copy Link
Version 14 build 14.6.211215172 for Windows, Linux and macOS – 16th December 2021
New Vulnerability Checks
- Apache Log4j RCE vulnerability check updated to detect the vulnerability in web server exceptions
- Apache Log4j RCE vulnerability check updated to execute on various HTTP Headers
Updates
- Updated the scanner to test custom headers used by the web application
v14.6.211213163 - 13 Dec 2021
Copy Link
Copy Link
Version 14 build 14.6.211213163 for Windows, Linux and macOS – 13th December 2021
New Vulnerability Checks
- New check for Apache Log4j RCE (CVE-2021-44228)