[Share] Acunetix Web Vulnerability Scanner Version 13 (build 13.0.201028153 – Windows)
Posted on: 2020-10-30 04:44 2564
Version 13 (build 13.0.201028153 for Windows / Linux and build 13.0.201028161 for macOS) 29th October 2020
New Features
Logon Banner can be configured for Acunetix logon page (satisfies DOD Notice and Consent Banner requirement)
Added ability to export vulnerabilities to CSV (available as WAF Export option)
Added ability to export scan locations to CSV (available as WAF Export option)
New Vulnerability Checks
New check for JavaScript Source map detected
New check for Unauthenticated Remote Code Execution via JSONWS in Liferay 6.1 (LPS-88051)
New check for Oracle WebLogic Server unauthenticated remote code execution (CVE-2020-14882)
Updated WordPress plugin checks
Updates
Improved handling of Swagger
The scanner will try to detect differences in the site using different user-agents
Various minor UI updates
Added Scan Profile used in Scan results
Business Logic Recorder cannot be used on Targets which require Manual Intervention
Updated Jira issue tracker
Improved error shown when checking for updates fails
Updated import file feature to support files using BOM
Comprehensive report tags vulnerabilities detected by AcuSensor and AcuMonitor
Fixes
Fixed issue causing multi-line session detection not to be used during scan
Updated Jira issue tracker to use proxy server if configured
Fixed issue causing gzip encoded body of HTTP responses to become invalidated
Fixed: Printing the Coverage report would not print the sitemap in the report
Fixed issue causing some login forms not to be detected during the scan
Fixed timing issue when scheduling a scan for a future date
Fixed scanner crashes caused by specific import files
Fixed issue causing DeepScan not to be used on Kali Linux
Fixed false positive in Zend Framework LFI via XXE
Fixed issue causing some scans to fail because of the client certificate
Fixed issue causing LSR playback to fail for some scans
Fixed issue in New Scan dialog for Tech Admin users
Version 13 (build 13.0.200930102 for Windows, Linux and macOS) 30th September 2020
New Features
Export Scans to JSON (available as WAF Export option)
Added context-sensitive help for all pages in the UI. Clicking on the ? icon will open documentation for the specific page
New Vulnerability Checks
New test for Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496)
New test for No HTTP Redirection
Numerous tests related to TLS / SSL, including:
Added support for 200 new cipher suites, bringing the total number of supported cipher suites to 360
New test for TLS/SSL Diffie-Hellman Key Reuse (prerequisite for Raccoon Attack)
New test for TLS/SSL LOGJAM attack (CVE-2015-4000)
New test for TLS/SSL Sweet32 attack (CVE-2016-2183 and CVE-2016-6329)
Alert if server offers cipher suites with symmetric encryption key length <128
Alert if server offers cipher suites using symmetric encryption algorithms RC2, DES (insecure), IDEA
Alert if server offers cipher suites using ANON, NULL, SHA-1 for authentication
Alert if server offers cipher suites using MD5 for HMAC
New vulnerability checks for WordPress plugins and Drupal core
Updates
Numerous updates to the UI
Malware scan profile updated to check for Trojans
Scanner updated to receive newly discovered hosts from vulnerability checks
Updated Swagger 2 implementation to better cater for nested schemes/objects
Updated deduplication to better cater for network scans / vulnerabilities
Adaptive ciphersuite testing, reduces the average SSL/TLS scan duration by 90%
Fixes
Fixed issue where no data was shown for archived scans
Fixed some minor issues with default filters
Fixed issue showing wrong Target count in license page
Fixed UI issue affecting Custom Scan Profiles
Fixed Possible Sensitive Files / Folders to use the Case Sensitive Paths setting for the Target
Fixed issue in Reverse Proxy Detection check
MD5: 775638C65BC7645E0B784C2765ADCB91
SHA1: A856BC6BCE76ACD040BA417DDF39132AF77626B0
SHA256: 7F6C94679E609D78E08636534CA8A752AE5D698FBB49C90DBD4AFEC731656B2F
SHA512: 9E6701DEFF32A1078293CBCF3812894A7A85985E4A713D996BC9AE924CAAA6E518ADAACEE1169663C17DEE8DDB94045D0B0C5045780A3047477E4E89D1CCA042
CRC32: D97A0989