Acunetix v25.1.2 發布消息-版本更新公告 | 新永資訊有限公司

  1. 首頁
  2. 軟體更新資訊
  3. Acunetix v25.1.2 發布消息-版本更新公告

軟體更新資訊

Acunetix v25.1.2 發布消息-版本更新公告

更新消息
 
  • Acunetix v25.1.2 - 17 Feb 2025

    Improvements

    • Improved detection of Microsoft SQL Server as a technology.
  • Acunetix v25.1.1 - 07 Feb 2025

    New Security Checks

    • Added a new check for SSRF Cloud Metadata
    • Added a new check for Out-of-Band SSTIs

    Improvements

    • Improved Information Disclosures for phpinfo
    • Improved Username Disclosure for MS SQL
    • Improved Database Name Disclosures
    • Improved detection of exposed git repositories
    • Improved coverage of checks in Directory tests
    • Updated VDB to 20250204
    • Improved detection of Programming Error Messages

    Resolved issues

    • Fixed a false positive causing EspoCRM tech to be reported unexpectedly
  • Acunetix v24.12.0 - 16 Dec 2024

    New Security Checks

    • Added Palo Alto PAN-OS RCE (CVE-2024-0012/CVE-2024-9474)
    • Added Sitecore AFR (CVE-2024-46938)
    • Added a security check for CVE-2024-51567 / CVE-2024-51568 / CVE-2024-51378
    • Added a fix for Acunetix’s incorrect detection of Drupal versions, where the script read the version correctly but compared it improperly

    Improvements

    • The engine now uses Chromium 131 for scanning
    • The engine now leverages headers from all import files, incl. Postman collections
    • The engine now supports using host and path from Postman collections
    • Users can see clearly if OTP is not configured inside the Login Sequence Recorder

    Fixes

    • Fixed an issue where, in rare cases, the LSR failed to correctly add session data
    • Fixed an issue where GraphQL imports could fail in certain edge cases
  • Acunetix v25.1.0 - 04 Feb 2025

    New Security Checks

    • Added a check for Craft CMS Development Mode enabled.
    • Added a check for Craft CMS register_argc_argv RCE (CVE-2024-56145).
    • Added a check for Apple’s App-Site Association (AASA) file.
    • Added new checks for API9:2023 Improper Inventory Management.
    • Added new checks for API10:2023 Unsafe Consumption of APIs.
    • Added new checks for API2:2023 Broken Authentication.

    New Features

    • Added support for scanning web applications using Smart Card Authentication. Learn more.

    Improvements

    • Improved detection of Microsoft SQL Server as a technology.
    • Improved detection of XSS.
    • Updated the severity of some vulnerabilities to better reflect their impact.
    • Improved detection of weak passwords.
    • Improved detection of SQL Injection.
    • Updated scanner to never downgrade from HTTPs to HTTP.

    Resolved issues

    • Improvement to launching Chromium on Windows 10 build 14393.
  • Acunetix v24.12.0 - 16 Dec 2024

    New Security Checks

    • Added Palo Alto PAN-OS RCE (CVE-2024-0012/CVE-2024-9474)
    • Added Sitecore AFR (CVE-2024-46938)
    • Added a security check for CVE-2024-51567 / CVE-2024-51568 / CVE-2024-51378
    • Added a fix for Acunetix’s incorrect detection of Drupal versions, where the script read the version correctly but compared it improperly

    Improvements

    • The engine now uses Chromium 131 for scanning
    • The engine now leverages headers from all import files, incl. Postman collections
    • The engine now supports using host and path from Postman collections
    • Users can see clearly if OTP is not configured inside the Login Sequence Recorder

    Fixes

    • Fixed an issue where, in rare cases, the LSR failed to correctly add session data
    • Fixed an issue where GraphQL imports could fail in certain edge cases
  • Acunetix v24.10.241106172 - 07 Nov 2024

    Improvements

    • Improved detection of Microsoft SQL Server as a technology
    • Improved detection of XSS
    • Updated the severity of some vulnerabilities to better reflect their impact
    • Improved detection of weak passwords
    • Improved detection of Blind XSS
  • Acunetix v24.9.241015145 - 17 Oct 2024

    New Security Checks

    • Added check for CVE-2024-6842

    Improvements

    • Upgraded to OpenSSL
    • Updates to technologies and fingerprints
  • Acunetix v24.9.240918130 - 19  Sep 2024

    This release build is currently only available for Acunetix On-Premises

     

    New Security Check

    Improvements

    • Updated Chromium to v128.0.3316.119/.120
    • The scanner now supports GraphQL when described in introspection JSON
    • The upgraded Scan Details page is now enabled for On-Premises customers as well → Learn more

    • Using API Discovery On-Premises, the admin can specify a destination URL for the Network Traffic Analyzer con

    Fixes

    • Fixed a false positive in the Solr Injection check
    • Resolved a rare case where the vulnerability detail was not loading properly on the new Scan Details page
    • Runtime SCA PDF reports are now being generated correctly
    • The scan end timestamp is now loading properly on the new Scan Details page
  • Acunetix v24.8.240903137 - 04  Sep  2024

    Fixes

    • Fixes on the HTTP/2 Handler
  • Acunetix v24.7.1 - 24  Jul  2024

    NEW SECURITY CHECKS

    • Added detection for Mura Masa SQLi (CVE-2024-32640)

    Fixes

    • Fixed a False Positive on the ‘Broken access control in Confluence Server and Data Center’ vulnerability (CVE-2023-22515)
  • Acunetix v24.7.0 - 16  Jul 2024

    New Features

    • Invicti API Security: multi-layered API discovery to enable comprehensive identification of known and undocumented APIs → Learn more

    New Security Checks

    Improvements

    • Scanner: Improved processing of large files
    • Added support for HTTP/2 requests in Burp state import files
    • .NET IAST Sensor: Added support for Engine.Razor functions
    • Improved XFS checks
    • Improvements to the new Scan Detail page (Early Access)

    Fixes

    • Minor UI/UX fixes across the application
  • Acunetix v24.6.1 - 02  Jul  2024

    SECURITY CHECKS

    Fixes

    • Fixed an issue with the Discovery service in On-Premises environments
  • Acunetix v24.5.240529155 - 30  May 2024

    New Features

    • Added the ability to link an API definition URL for adding paths to a target before scanning. Read more about how to add paths to targets and how this helps scanning.

    New Security Checks

    Improvements

    • Fixed the password reset tool for Windows for Acunetix On-Premises
    • .NET Core IAST Sensor: Removed dependency on NLog
    • Various improvements in Deepscan, lessening the time to process pages / SPAs
    • Deepscan updated to not interact with Google Maps
    • Updated detection for monitoring systems
    • Updated detection of web installers

    Fixes

    • Correct warning is now displayed when attempting to add more than permitted target variations

      Addressed several usability and design issues across application settings
    • Fixed a possible problem starting OpenVAS scans with Acunetix On-Premises
    • Design updates for User settings in Acunetix Online
    • Fixed an issue in the PHP sensor affecting PHP 8.1+ web applications
    • For users in a User Group, target group assignment is properly applied under all scenarios
    • Fixed a user permission issue when using custom roles
    • Invite emails from Acunetix On-Premises for Linux are properly displaying content now
    • Fixed the OOM (out of memory) problem when processing large PDF files
  • Acunetix v24.3.2 - 15  April 2024
    Improvements
    • Replaced an expiring Invicti Signing Code Certificate for Windows binaries
  • Acunetix v24.4.240427095 - 30  April 2024

    New Features

    • Added the ability to link an API definition URL for adding paths to a target before scanning. Read more about how to add paths to targets and how this helps scanning.

    New Security Checks

    Improvements

    • Fixed the password reset tool for Windows for Acunetix On-Premises
    • .NET Core IAST Sensor: Removed dependency on NLog
    • Various improvements in Deepscan, lessening the time to process pages / SPAs
    • Deepscan updated to not interact with Google Maps
    • Updated detection for monitoring systems
    • Updated detection of web installers

    Fixes

    • Correct warning is now displayed when attempting to add more than permitted target variations

      Addressed several usability and design issues across application settings
    • Fixed a possible problem starting OpenVAS scans with Acunetix On-Premises
    • Design updates for User settings in Acunetix Online
    • Fixed an issue in the PHP sensor affecting PHP 8.1+ web applications
    • For users in a User Group, target group assignment is properly applied under all scenarios
    • Fixed a user permission issue when using custom roles
    • Invite emails from Acunetix On-Premises for Linux are properly displaying content now
    • Fixed the OOM (out of memory) problem when processing large PDF files
  • Acunetix v24.3.2 - 15  April 2024
    Improvements
    • Replaced an expiring Invicti Signing Code Certificate for Windows binaries
  • Acunetix v24.3.0 - 25  March 2024

    New Features

    • Smart API Scanning capabilities for Swagger 2
    • Smart API Scanning capabilities for OpenAPI 3

    New Security Checks

    Improvements

    • Improved Crawling of websites using IFrames
    • .NET IAST sensor will report SQL Injection issues introduced through the usage of MSSQL Entity Framework Sql_Query
    • Improved detection of DOM XSS in Referrer Header
    • Improved detection of DOM XSS in document.cookie

    Fixes

    • Fixed a situation when a new target couldn’t be created via API

      Fixed: Missing HTTP response for vulnerabilities reported by internal scanning agent
    • Fixed: Missing Attack Details for Unsupported SSL Secure Renegotiation vulnerability
  • Acunetix v24.2.240227118 - 28  Feb 2024

    Fixes

    • Invitation emails are being sent correctly
    • Discovered assets can be correctly assigned to target groups
  • Acunetix v24.2.240226074 - 26  Feb 2024

    New Features

    • Added the ability to use Aria Roles to provide better coverage
    • Introduced PCI DSS 4.0 report. Note that PCI DSS 3.2 will reach the end of its support or relevance by the end of March
    • .NET IAST now supports .NET 8 (currently in Open Beta)

    New Security Checks

    Improvements

    • Updated Chromium to 121.0.6167.139/140
    • Improved detection of DOM-based Cross Site Scripting (XSS)
    • Improved the way that “Content Security Policy Misconfiguration” alerts are reported
    • Improved detection of Client Side Prototype Pollution (CSPP)
    • IAST scans will start reporting the IAST sensor version used for the scan
    • New column “Result” is shown in the list of scans to provide more details about scan outcome
    • Enhanced support for OTP apps by displaying the activation code next to the QR code
    • Improved crawling of Single Page Applications (SPA) that are using Ionic Framework
    • Added the ability to scan web applications which require browsing in a single browser tab
    • Upgraded user experience of in-app notifications – Updated UX of notifications dropdown
    • When accessing the application from a different location or browser, all other sessions are promptly terminated. Previously, users were notified, causing inconvenience when working from various locations

    Fixes

    • Fixed a bug caused by the engine not respecting Cache-Control directive
    • In rare situations, a report being generated could have resulted in an Internal server error. This issue has now been fixed
    • Fixed several minor user experience issues across the application
  • Acunetix v24.1.240131143 - 01  Feb 2024

    New Features

    • The Java IAST sensor now supports Java 21

    New Security Checks

    Fixes

    • Fixed a bug in the processing of technologies
  • Acunetix v24.1.240111130 - 11  Jan 2024

    New Features

    • The Java IAST sensor has been updated to support Java 17 and removes the requirement for AspectJWeaver
    • Changes to the mechanism that manages services for Acunetix On-Premises for Docker and Linux (Customers using Acunetix On-Premises for Docker or Linux need to manually update to version 24.1)

    New Security Checks

    • Improved Elmah security check to check for variants of Elmah
    • OpenCms Chemistry Solr XML External Entity (XXE) (CVE-2023-42346)
    • OwnCloud phpinfo Information Disclosure (CVE-2023-49103)
    • TorchServe Management API SSRF (CVE-2023-43654)
    • Updated vulnerabilities for WordPress Core and WordPress plugins
    • Ofbiz PreAuth RCE (CVE-2023-49070)
    • F5 BIG-IP Request Smuggling (CVE-2023-46747)
    • Sitecore XP TemplateParser RCE (CVE-2023-35813)
    • Added a check for SSRF/LFI via PDF generation
    • Added a check for file inclusion/path traversal when the response is shown inside a PDF

    Improvements

    • Updated .NET (core) IAST sensor to hook new functions
    • The scanner will now properly report when the protocol (http/https) is changed at the start of the scan
    • Increased the size limit to 10kB for supported Client Certificates for authenticated scans
    • Updated to Chromium 119.0.6045.199/200
    • Users can opt-in to receive a direct download link instead of a PDF report attachment (On-Prem only)
    • Improved crawling of Single Page Applications (SPA) that are using React
    • Improved crawling of Single Page Applications (SPA) that are using the Angular Framework
    • Improved crawling of Single Page Applications (SPA) that are using the Vue.js Framework
    • New User Profile design
    • A refreshed UI with a new navigational experience

    Fixes

    • Fixed an issue that was causing some vulnerabilities not to be exported to Amazon AWS WAF
    • Fixed a Deepscan and LSR issue caused when a page overrides the standard window.* methods
    • Notifications about scans that require manual intervention are now correctly displayed wherever the user is located (On-Prem only)
    • Fixed a number of scanner crashes
  • Acunetix v23.11.231130164 - 4  Dec 2023
           Fixes
    • Fixed a bug in SSO workflow.
  • Acunetix v23.11.0 - 23 Nov 2023

    New Features

    • Every user can now choose which email notifications they receive by setting their individual preferences located in their User Profile
    • For Acunetix On-Premises customers, email server settings have been moved under the Settings menu
    • You can now open Acunetix on multiple tabs without needing to log in with every new tab you open
    • We’ve added CVSS 4.0 scores to some vulnerabilities — You’ll find the CVSS 4.0 score and vector displayed next to the old score (3.1/3.0/2.0, whichever is highest) in the UI and API
    • For Acunetix On-Demand customers, user management is now available under Settings > Users & Access. Here you’ll find the user list with some new filter options and a new way to create user accounts by generating an invitation link (the user specifies their own password instead of the administrator).

    New Security Checks

    Improvements

    • Email notifications now have the option to include a direct link for downloading PDF report. Previously it was necessary to log in to Acunetix to download PDF report.
    • Updated the Chromium Build to 119.0.6045.123/.124
    • Enhanced IAST .NET sensor detection capabilities
    • IImproved location detection when using LSR
    • Improved scanner stability for select environments
    • Improvements to handling OpenAPI specifications
    • Multiple improvements to the SQL Injection vulnerability checks

    Fixes

    • Fixed an issue that was causing Amazon WAF exports to fail

      PDF reports now display information that was previously being cut off
  • Acunetix v15.6.230505122 - 09 May 2023

    New Security Checks

    • Added SAML-related security checks.
    • New security checks for Adobe ColdFusion affected by Deserialization RCE vulnerability. CVE-2023-26359/CVE-2023-26360
    • New security checks for GraphQL.
    • New checks for Joomla vulnerabilities.

    Improvements

    • Updated the embedded Chromium browser to v109.0.5414.141 for Windows and 112.0.5615.165 for Linux.
    • Improved the Business Logic Recorder to work with autocomplete fields.
    • Updated .NET IAST AcuSensor to avoid reporting false positives for default server misconfiguration.
    • Improved .NET IAST AcuSensor for reporting vulnerable packages.
    • Added support for file upload to the Login Sequence Recorder and Business Logic Recorder.
    • Improved response handling.
    • Various DeepScan Improvements.
    • Improved the coverage of development file exposure check.
    • Updated the Software Composition Analysis (SCA) database.
    • Updated the WordPress plugin vulnerabilities.

    Fixes

    • Various fixes in the scanner to lower memory usage.