Acunetix WVS v6.5 build 20100203 released

New security checks:

• 8.3 DOS filename source code disclosure
• Apache Tomcat Directory Host Appbase authentication bypass vulnerability
• Apache Tomcat WAR File directory traversal vulnerability
• Apache stronghold-info enabled
• Apache stronghold-status enabled
• ColdFusion 9 Solr Service exposed
• Error page path disclosure
• Error page web server version disclosure
• File inclusion RFI list
• Checks for multiple vulnerabilities in XAMPP
• Server-Side Includes (SSI) injection on Unix
• Server-Side Includes (SSI) injection on Windows
• ASP.NET error messages when requesting URL like |.aspx

Improvements:

• Added more variants to FCKeditor arbitrary file upload
• Updated cross site scripting in path security checks
• Updated directory listing security checks
• Updated directory traversal on Unix security checks
• Updated file upload security checks
• Updated LDAP injection security checks
• Updated possible sensitive files security checks
• Updated XPath injection security checks

Bug Fixes:

• Workaround for window.open used with NULL parameter
• Notify elements that they are unbidden
• Notify form if an input was removed
• Include select element values in submitted data
• Fixed: HttpProt was sending content length with CONNECT
• Fixed: Crawler didn’t consider post data for links from CSA engine; some where ignored
• Fixed: Login sequence recorder was sending requests synchronously

How to upgrade: On starting up Acunetix WVS, a pop up window will automatically notify you that a more recent build is available for download. To download the latest build, navigate to General > Program Updates node in the Tools explorer, and click on Download and Install new build.