Summary
The latest update to the TrustKeeper Scan Engine is now available. This week's update includes coverage for 14 new vulnerabilities, improved version detection for Drupal and improved detection for VNC, FTP and SNMPv3.
New Vulnerability Test Highlights
Some of the more interesting vulnerability tests we added recently are as follows:
Webmin
- Webmin Brute Force Lockout Bypass Vulnerability (CVE-2004-0583)
- Webmin chooser.cgi Cross Site Scripting Vulnerability (CVE-2007-1276)
- Webmin Configuration File Ownership Change Vulnerability (CVE-2005-1177)
- Webmin MiniServ Format String Denial of Service Vulnerability (CVE-2005-3912)
- Webmin Multiple pam_login.cgi Cross Site Scripting Vulnerabilities (CVE-2007-3156)
- Webmin Null Byte Security Bypass Vulnerabilities (CVE-2006-4542)
- Webmin PAM Authentication Bypass Vulnerability (CVE-2005-3042)
- Webmin Popup Window Cross Site Scripting Vulnerability (CVE-2014-3924)
- Webmin Search Parameter Cross Site Scripting Vulnerability (CVE-2008-0720)
- Webmin Sensitive File Read Access Vulnerability (CVE-2004-0582)
- Webmin simplify_path Read Access Bypass Vulnerabilities (CVE-2006-3392)
- Webmin Unspecified Authenticated Cross Site Scripting Vulnerabilities (CVE-2014-3885)
- Webmin Unspecified Cross Site Scripting Vulnerabilities (CVE-2014-3886)
- Webmin Web Mail Arbitrary Code Execution Vulnerability (CVE-2004-1468)
How to Update?
All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.