-
發佈日期:2022-06-09
Version 14 build 14.8.220606174 for Windows, Linux and macOS;
適用於Windows、Linux 和 macOS 的 14 版建置編號 14.8.220606174
A new Acunetix update has been released for Windows, Linux, and macOS: 14.8.220606174.
New Vulnerability checks -
發佈日期:2022-05-23
Version 14 build 14.8.220519149 for Windows, Linux and macOS;
適用於Windows、Linux 和 macOS 的 14 版建置編號 14.8.220519149
A new Acunetix update has been released for Windows, Linux, and macOS: 14.8.220519149.
New Features- JAVA IAST sensor now supports JBoss, Jetty and Wildfly JAVA Severs
- Improved support for Servlet3 and Jersey JAVA Frameworks
New Vulnerability Checks
- New IAST checks for Expression Language Injection
- New IAST checks for Hibernate Query Injection
- New test for Apache OFBiz Log4Shell RCE (CVE-2021-44228)
- New WordPress plugin checks
- New / updated JavaScript Audit checks
Updates
- Various UI improvements
- Improved detection of Directory Traversal vulnerabilities
- Improved detection of Directory Listing vulnerabilities
- Improved detection of development files
- Several improvements to LSR / DeepScan
Fixes
- Fixed issue causing some vulnerabilities detected by AcuSensor not to show as AcuSensor verified
- Fixed issue causing routes to not be listed by JAVA IAST sensor
- Fixed 2 issues in Target CSV import
- Fixed issue causing SCA not to be done on JAVA Spring boot web applications
- Fixed issue causing some checks not to be executed on cookies with Secure flag
-
發佈日期:2022-04-26
Version 14 build 14.7.220425114 for Windows, Linux and macOS;
適用於Windows、Linux 和 macOS 的 14 版建置編號 14.7.220425114
A new Acunetix update has been released for Windows, Linux, and macOS: 14.7.220425114.
Updates- Upgraded Chromium to v100.0.4896.127
-
發佈日期:2022-03-30
Version 14 build 14.7.220329162 for Windows, Linux and macOS;
適用於Windows、Linux 和 macOS 的 14 版建置編號 14.7.220329162
A new Acunetix update has been released for Windows, Linux, and macOS: 14.7.220329162.
Updates- Upgraded Chromium to v99.0.4844.84
-
發佈日期:2022-04-01
Version 14 build 14.7.220401065 for Windows, Linux and macOS;
適用於Windows、Linux 和 macOS 的 14 版建置編號 14.7.220401065
A new Acunetix update has been released for Windows, Linux, and macOS: 14.7.220401065.
New Vulnerability checks -
發佈日期:2022-03-30
Version 14 build 14.7.220329162 for Windows, Linux and macOS;
適用於Windows、Linux 和 macOS 的 14 版建置編號 14.7.220329162
A new Acunetix update has been released for Windows, Linux, and macOS: 14.7.220329162.
Updates- Upgraded Chromium to v99.0.4844.84
-
發佈日期:2022-03-28
Version 14 build 14.7.220322147 for Windows, Linux and macOS;
適用於Windows、Linux 和 macOS 的 14 版建置編號 14.7.220322147
Updates
A new Acunetix update has been released for Windows, Linux, and macOS: 14.7.220322147.
New Vulnerability checks- Engines page in UI now shows the number of Targets bound to a scanning engine
- Vulnerabilities page in UI shows the Target Tracker Issue Id when the vulnerability is sent to an Issue Tracker
- Upgraded Chromium to v99.0.4844.0
- JWT audit checks are now done on GET / POST parameters
- Fixed several Scanner crashes
- Numerous UI updates / fixes
- Fixed error when configuring GitHub Issue Trackers
- Numerous fixes related to CSRF token management
- Better handling of imported URLs that are excluded in LSR
- fixed issue causing pre-request scripts to be renamed, causing import scripts not to fail to be loaded
-
發佈日期:2022-03-01
Version 14 build 14.7.220228146 for Windows, Linux and macOS;
適用於Windows、Linux 和 macOS 的 14 版建置編號 14.7.220228146
A new Acunetix update has been released for Windows, Linux, and macOS: 14.6.220117111.
New Features- .NET IAST Sensor (AcuSensor) can now be installed on .NET Core v3 and v5 on Windows (with Kestrel server)
- Acunetix Scanner updated to support Routes for frameworks supported by the IAST sensors (AcuSensor)
- Added support for Laravel framework in PHP IAST Sensor (AcuSensor)
- Added support for CodeIgnitor framework in PHP IAST Sensor (AcuSensor)
- Added support for Symphony framework in PHP IAST Sensor (AcuSensor)
- Added support for ASP.NET MVC in .NET Core IAST Sensor (AcuSensor)
- Added support for Razor Pages in .NET Core in .NET IAST Sensor (AcuSensor)
- Added support for Web API in .NET Framework and .NET Core IAST Sensors (AcuSensor)
- Added support for Spring MVC in JAVA IAST Sensor (AcuSensor)
- Added support for Spring Struts2 in JAVA IAST Sensor (AcuSensor)
- Acunetix has been updated to detect the following vulnerabilities using IAST:
- LDAP Injection
- Unsafe Reflection of Untrusted Data
- XPath Injection
- Email Header Injection
- Deserialization of Untrusted Data
- MongoDB Injection
- Server-side template injection (SSTI)
- Server-side request forgery (SSRF)
- Acunetix IAST (AcuSensor) has been updated to detect over 30 new server-side misconfigurations across all sensors
- New check for Magento Config File Disclosure
- New check for BillQuick Web Suite SQL injection (CVE-2021-42258)
- New check for Apache Airflow Experimental API Auth Bypass (CVE-2020-13927)
- New check for Apache Airflow default credentials
- New check for Apache Airflow Exposed configuration
- New check for Apache Airflow Unauthorized Access Vulnerability
- New check for GoCD information disclosure (CVE-2021-43287)
- New check for Grafana Plugin Dir Traversal (CVE-2021-43798)
- New check for NodeBB Arbitrary JSON File Read (CVE-2021-43788)
- New check for ManageEngine Desktop Central Deserialization RCE (CVE-2020–10189)
- New check for SolarWinds Orion API Auth bypass (CVE-2020-10148)
- New check for Citrix ADC NetScaler Local File Inclusion (CVE-2020-8193)
- New check for VMware vCenter vcavbootstrap Arbitrary File Read
- New check for Pentaho API Auth bypass (CVE-2021-31602)
- New check for Sonicwall SMA 100 Unintended proxy (CVE-2021-20042)
- New check for VMware vCenter Log4Shell RCE
- New check for VMware Horizon Log4Shell RCE
- New check for MobileIron Log4Shell RCE
- New check for Ubiquiti Unifi Log4Shell RCE
- New check for Apache OFBiz Log4Shell RCE
- New check for Apache Struts2 Log4Shell RCE
- New check for Apache Solr Log4Shell RCE
- New check for Apache JSPWiki Log4Shell RCE
- New WordPress Core and WordPress plugins checks
- IAST Sensors (AcuSensor) capabilities have been updated to improve the detection of:
- Arbitrary File Creation
- Directory Traversal
- SQL Injection
- Remote Code Execution
- Acunetix will start reporting when an old version of the IAST Sensor (AcuSensor) is installed on the web application
- Considerable update to the handling of CSRF tokens
- The Vulnerabilities page now includes a unique Vulnerability ID
- Multiple UI updates
- Multiple DeepScan updates
- Fixed issue with Gitlab issue types not showing in UI
- Fixed issue with Amazon AWS WAF export
- Fixed several scanner crashes
- Fixed issue with .NET IAST AcuSensor not working on IIS prior to version 10
- Fixed issue with Node.js IAST AcuSensor causing web application to stop working
- Fixed ordering issue caused in PDF Comprehensive reports for multiple scans
- Fixed timeout issue causing IAST data not to reach the Acunetix scanner
-
發佈日期:2021-03-17
Acunetix Upgrading from V13 to V14
Acunetix Online
All backend maintenance for Acunetix Online is taken care of by Acunetix.
There is nothing you need to do for this, and the new version will be deployed
to the Acunetix Online platform automatically in due course.
Acunetix Standard & Premium - Windows
Main Installation
By default, Acunetix is configured to auto-update, and you would therefore not need to do anything else.
If you have disabled this functionality, you can perform the upgrade as follows:
• go to the "About" page
• click the "Check for Updates" button; this will show that a new build is available
• click on the "Update" link; this will trigger the update process; during the update process,
the Acunetix UI will not be available ;
• after a few minutes,
go back to the "About" page and refresh the page
The update process is complete, and the new version number will be displayed.
Engine-Only Installation
The engine-only installation must be performed manually. Copy the
Acunetix
installation to the machine.
• ith theFrom the command prompt, run the installation w /engineonly switch.
• This will start the installation of the Acunetix Scanning Engine
• Proceed with the installation. The "Allow remote access to Acunetix"
option will be enabled aut omatically,
and the Server Name will be prepopulated
with the information used during the first install;
These settings do not need to be adjusted.
• Proceed and finish the installation.
• You can check the status and version number of the Engine-Only installation
from the Engines
page of the Main machine:
Acunetix Standard & Premium - Linux
Main Installation
To upgrade the main installation:
• Download the latest Linux version of Acunetix from the download location provided when
you purchased the license.
• Open a Terminal Window
• Use chmod to add executable permissions on the installation file E.g. chmod +x acunetix_14.
1.210316098_x64.sh
• Run the installation
• E.g. sudo ./acunetix_14.1.210316098_x64.sh
• Accept the license agreement
• At the upgrade prompt, enter "y" to proceed with the upgrade
• When the upgrade is complete, the "About" page will show the new version number:
Engine-Only Installation
To upgrade the main installation:
• Download the latest Linux version of Acunetix from the download location provided when
you purchased the license.
• Open a Terminal Window
• Use chmod to add executable permissions on the installation file E.g. chmod +x acunetix_14.
1.210316098_x64.sh
• Run the installation in Engine-Only mode
• E.g. sudo ./acunetix_14.1.210316098_x64.sh --engineonly
• Accept the license agreement
• At the upgrade prompt, enter "y" to proceed with the upgrade
• When the upgrade is complete, You can check the status and version number of the
Engine-Only installation from the "Engines" page of the Main machine:
Acunetix Standard & Premium - MacOS
To upgrade the installation:
• Download the latest MacOS version of Acunetix from the download location provided
when you purchased the license.
• Double click the installation PKG file to launch the Acunetix installation wizard,
and click "Continue" when prompted.
• Review and accept the License Agreement.
• You may be prompted for your MacOS password to complete parts of the upgrade.
• Setup will now copy all files and updates for the Acunetix services; when the installation
is co mpleted, the "Continue" button will become enabled in the installer.
• Click "Close" to exit the installer.
• When the upgrade is complete, the "About" page will show the new version number: