TrustKeeper Scan Engine Update for April 21, 2020

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Apache

• Apache HTTP Server mod_proxy_ftp Uninitialized Memory Use (CVE-2020-1934)
• Apache HTTP Server mod_rewrite Open Redirect Vulnerability (CVE-2020-1927)

Magento

• Magento 1.x Detected

pfSense

• pfSense WebGUI Authenticated Arbitrary File Read/Write (SA-20_04)
• pfSense WebGUI diag_ping.php Cross-Site Scripting (SA-20_07)
• pfSense WebGUI rrd_fetch Cross-Site Scripting Vulnerability (SA-20_01)
• pfSense WebGUI services_acb.php Cross-Site Scripting Vulnerability (SA-20_02) (CVE-2019-12462)
• pfSense WebGUI services_captiveportal.php Arbitrary File Read/Write (SA-20_05)
• pfSense WebGUI services_captiveportal_mac.php Cross-Site Scripting Vulnerability (SA-20_03)
• pfSense WebGUI system_usermanager_addprivs.php Cross-Site Scripting (SA-20_06)

Ruby Lang

• Ruby BasicSocket Heap Exposure Vulnerability (CVE-2020-10933)

PHP

• PHP exif_read_data Out-of-Bounds Read Vulnerability (CVE-2020-7064)
• PHP get_headers Improper Null Termination Vulnerability (CVE-2020-7066)
• PHP mb_strtolower Stack-based Buffer Overflow Vulnerability (CVE-2020-7065)

cPanel

• cPanel Multiple Vulnerabilities (TSR-2019-0006) (CVE-2019-20498, CVE-2019-20497, CVE-2019-20496, CVE-2019-20495, CVE-2019-20494, CVE-2019-20493, CVE-2019-20492, CVE-2019-20491, CVE-2019-20490)
• cPanel Multiple Vulnerabilities (TSR-2020-0001) (CVE-2020-10122, CVE-2020-10121, CVE-2020-10120, CVE-2020-10119, CVE-2020-10118, CVE-2020-10117, CVE-2020-10116, CVE-2020-10115, CVE-2020-10114, CVE-2020-10113)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.