Home / Linux / New build checks for vulnerabilities in Apache products, Coldfusion, ACME mini_httpd and Spring Security

New build checks for vulnerabilities in Apache products, Coldfusion, ACME mini_httpd and Spring Security

Acunetix version 12 (build 12.0.181218140 – Windows and Linux) has been released. This new build checks for vulnerabilities in Apache Solr, Apache mod)jk, Coldfusion, ACME mini_httpd, Spring Security. The new build also includes a number of updates and important fixes.

The new vulnerability checks, updates and fixes are available for both Windows and Linux.

New Vulnerability checks

  • New test for Apache Solr XXE (CVE-2017-12629)
  • New test for RCE in Spring Security OAuth (CVE-2016-4977)
  • New test for Apache mod_jk access control bypass (CVE-2018-11759)
  • New test for Unauthenticated Stored XSS in WordPress Plugin WPML (CVE-2018-18069)
  • New test for ACME mini_httpd (web server) arbitrary file read (CVE-2018-18778)
  • New test for OSGi Management Console Default Credentials
  • New test for Flex BlazeDS AMF Deserialization RCE (CVE-2017-5641)
  • New test for common misconfigurations in ColdFusion
  • New test for AMF Deserialization RCE in ColdFusion (CVE-2017-3066)
  • New test for JNDI injection in ColdFusion (CVE-2018-15957)
  • New test for unauthenticated File uploading in ColdFusion (CVE-2018-15961)
  • New WordPress / WordPress plugin vulnerability checks

Updates

  • Improved the injection of payloads and other improvements in the handling of JSON data
  • Updated Chromium to fix Chromium vulnerability
  • Improved web application detection

Fixes

  • Corrected LSR launch message for Linux installations
  • Fixed Update License issue on Internet Explorer
  • Fixed several memory leaks/scanner closing unexpectedly
  • Fixed issue affecting the processing of some content types
  • Some cookies were being added multiple times during the scan
  • Some redirects were not being correctly handled
  • Some requests generated by the scanner incorrectly contained two backslashes (‘//’)
  • Fixed issue in the Backup Folders checks going out of scope
  • Several minor fixes

Upgrade to the latest build

If you are already using Acunetix v12, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > Settings page.
If you are using a previous version of Acunetix, you need to download Acunetix version 12 from here. Use your current Acunetix License Key to download and activate your product.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.

x

Check Also

What Are Injection Attacks | Acunetix

What is Code Injection | Acunetix

Code Injection or Remote Code Execution (RCE) enables the attacker to execute malicious code as ...