AWVS14 Update
Info
Version 14 build 14.5.211026108 for Windows, Linux and macOS – 11th October 2021
Updates
- Removed message to “Press any key to continue” when installing .NET AcuSensor from CLI. This was hindering the automatic installation of the .NET sensor
Fixes
- Fixed issue causing scans to fail when site redirects from http to https
- Fixed issue causing incremental scans initiated from Jenkins plugin not to start
Version 14 build 14.5.211021117 for Windows, Linux and macOS – 11th October 2021
Fixes
- Fixed crash when processing swagger2 file with non-existent references
Version 14 build 14.5.211008143 for Windows, Linux and macOS – 11th October 2021
New Features
- Added support for URL optional fields
- Added support for Brotli encoding
- JAVA AcuSensor can now be used on Tomcat 10.0.x
- Added support for Restify framework in Node.js Sensor
- Added support for LoopBack framework in Node.js Sensor
- Added support for Sequelize ORM in Node.js Sensor
- Added support for Router Package in Node.js Sensor
- Added support for Director Router in Node.js Sensor
New Vulnerability Checks
- New check for Apache HTTP Server Source Code Disclosure
- New check for ManageEngine ADSelfService Plus Authentication Bypass (CVE-2021-40539)
- New check for Oracle Business Intelligence ReportTemplateService XXE (CVE-2021-2400)
- New check for Jira Unauthorized User Enumeration (CVE-2020-14181)
- New check for Jira Unauthorized User Enumeration via UserPickerBrowser
- New check for Jira Projects accessible anonymously
- New check for Payara Micro File Read (CVE-2021-41381)
Updates
- Export to AWS WAF is now available in all pages which allow WAF Export
- Updated Pre-request scripts, making it easier to update session header value
- Updated the detection of WAFs to support new WAFs
- Increased the detection of development files
- Improved the JavaScript Library Audit checks
Fixes
- Fixed issue in Paros import
- Fixed issue in scanner causing False Negatives when processing specific pages
- Fixed issue in AWS WAF Export
- Fixed issue in PHP Sensor not being detected when used in a large site with many files
- Fixed issue causing pre-request scripts not to be loaded by scanner
- Fixed 3 issues in Postman imports
- Fixed False Negative in Django Debug Mode vulnerability check
- Fixed issue causing high response times in UI caused by large quantity of Targets configured
- Fixed false positive in “User credentials are sent in clear text” check
Updates by Docker
- Automatic deployment using GitHub Action
- Support exporting Chinese reports to PDF
Use
docker run -it -d \
--name awvs \
-p 3443:3443 \
--restart=always \
xrsec/awvs:latest
https://ip:3443
[email protected]
[email protected]
MD5
➜ AWVS14-Docker git:(main) find ./ -type f -print0 | xargs -0 MD5
Since the last update, crack patches are no longer provided.
Latest 14.4.210913167
New vulnerability checks
- Added check for Unrestricted access to Kong Gateway API
- Added check for Unrestricted access to Haproxy Data Plane API
- Added check for OData feed accessible anonymously
- Added check for Unauthenticated OGNL injection in Confluence Server and Data Center (CVE-2021-26084)
- Added check for Microsoft Exchange Server Pre-auth Path Confusion vulnerability (CVE-2021-34473)
Updates
- Updated CORS Origin Validation check
Updates by Docker
- Automatic deployment using GitHub Action
Use
docker run -it -d \
--name awvs \
-p 3443:3443 \
--restart=always \
xrsec/awvs:latest
https://ip:3443
[email protected]
[email protected]
MD5
➜ AWVS14-Docker git:(main) find ./ -type f -print0 | xargs -0 MD5
Starting with this update, crack patches are no longer provided; please handle this yourself.
XRSec has the right to modify and interpret this article. If you want to reprint or disseminate this article, you must ensure the integrity of this article, including all contents such as copyright notice. Without the permission of the author, the content of this article shall not be modified or increased or decreased arbitrarily, and it shall not be used for commercial purposes in any way