Acunetix WVS v6.5 build 20100203 released

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.

GIF - 5 kb

New security checks:

  • 8.3 DOS filename source code disclosure
  • Apache Tomcat Directory Host Appbase authentication bypass vulnerability
  • Apache Tomcat WAR File directory traversal vulnerability
  • Apache stronghold-info enabled
  • Apache stronghold-status enabled
  • ColdFusion 9 Solr Service exposed
  • Error page path disclosure
  • Error page web server version disclosure
  • File inclusion RFI list
  • Checks for multiple vulnerabilities in XAMPP
  • Server-Side Includes (SSI) injection on Unix
  • Server-Side Includes (SSI) injection on Windows
  • ASP.NET error messages when requesting URL like |.aspx

Improvements:

  • Added more variants to FCKeditor arbitrary file upload
  • Updated cross site scripting in path security checks
  • Updated directory listing security checks
  • Updated directory traversal on Unix security checks
  • Updated file upload security checks
  • Updated LDAP injection security checks
  • Updated possible sensitive files security checks
  • Updated XPath injection security checks

Bug Fixes:

  • Workaround for window.open used with NULL parameter
  • Notify elements that they are unbidden
  • Notify form if an input was removed
  • Include select element values in submitted data
  • Fixed: HttpProt was sending content length with CONNECT
  • Fixed: Crawler didn’t consider post data for links from CSA engine; some where ignored
  • Fixed: Login sequence recorder was sending requests synchronously

How to upgrade: On starting up Acunetix WVS, a pop up window will automatically notify you that a more recent build is available for download. To download the latest build, navigate to General > Program Updates node in the Tools explorer, and click on Download and Install new build.

Post scriptum

Compliance Mandates

  • Application Scanner :

    PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Comments

Related Articles

Acunetix
Application Scanner
Vulnerability Scanner