Software Updates

Web Application Security – ModSecurity Commercial Rules, Update for December 2022 | Trustwave

Written by | Aug 8, 2022 5:14:00 PM

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Atlassian Jira

  • Atlassian Jira Seraph Authentication Bypass Vulnerability (CVE-2022-0540)
  • Atlassian Confluence Hardcoded Credentials Vulnerability (CVE-2022-26138)

Debian (Credentialed Checks)

Oracle

IBM

  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 121173) (CVE-2017-1121)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 121549) (CVE-2017-1137)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 122292) (CVE-2017-1151)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 123669) (CVE-2017-1194)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 127151) (CVE-2017-1380)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 127152) (CVE-2017-1381)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 127153) (CVE-2017-1382)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 129576) (CVE-2017-1501)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 129578) (CVE-2017-1503)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 129579) (CVE-2017-1504)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 132342) (CVE-2011-4343, CVE-2017-1583)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 134003) (CVE-2017-1681)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 134912) (CVE-2017-1731)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 134931) (CVE-2017-1741)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 134933) (CVE-2017-1743)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 137031) (CVE-2017-1788)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 143024) (CVE-2018-1567)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 144270) (CVE-2018-1614)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 144346) (CVE-2018-1621)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 144588) (CVE-2018-1643)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 145769) (CVE-2018-1695)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 147292) (CVE-2018-1719)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 148621) (CVE-2018-1767)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 148686) (CVE-2018-1770)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 148800) (CVE-2018-1777)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 148948) (CVE-2018-1793)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 148949) (CVE-2018-1794)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 149427) (CVE-2018-1797)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 149428) (CVE-2018-1798)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 150813) (CVE-2018-1840)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 152530) (CVE-2018-1901)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 152531) (CVE-2018-1902)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 152533) (CVE-2018-1904)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 152534) (CVE-2018-1905)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 152992) (CVE-2018-1926)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 153629) (CVE-2018-1957)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 154650) (CVE-2018-1996)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 155946) (CVE-2019-4030)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 156242) (CVE-2019-4046)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 157380) (CVE-2019-4080)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 160201) (CVE-2019-4268)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 160202) (CVE-2019-4269)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 160203) (CVE-2019-4270)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 160243) (CVE-2019-4271)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 160445) (CVE-2019-4279)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 163177) (CVE-2019-4441)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 163226) (CVE-2019-4442)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 163997) (CVE-2019-4477)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 164364) (CVE-2019-4505)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 171319) (CVE-2019-4670)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 172125) (CVE-2019-4720)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 174397) (CVE-2020-4163)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 175984) (CVE-2020-4276)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 177841) (CVE-2020-4329)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 178929) (CVE-2020-4362)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 178964) (CVE-2020-4365)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 181228) (CVE-2020-4448)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 181230) (CVE-2020-4449)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 181231) (CVE-2020-4450)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 181489) (CVE-2020-4464)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 182808) (CVE-2020-4534)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 184428) (CVE-2020-4576)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 184433) (CVE-2020-4578)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 184585) (CVE-2020-4589)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 185370) (CVE-2020-4629)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 185590) (CVE-2020-4643)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 189213) (CVE-2018-1770, CVE-2020-4782)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 192025) (CVE-2020-4949)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 193556) (CVE-2020-5016)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 194882) (CVE-2021-20353)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 194883) (CVE-2021-20354)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 196648) (CVE-2021-20453)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 196649) (CVE-2021-20454)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 197502) (CVE-2021-20480)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 197793) (CVE-2021-20492)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 201300) (CVE-2021-29736)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 202006) (CVE-2021-29754)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 205202) (CVE-2021-29842)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 211405) (CVE-2021-38951)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 213968) (CVE-2021-39038)
  • IBM WebSphere Application Server Security Update (IBM X-Force ID: 220904) (CVE-2022-22365)

Fedora (Credentialed Checks)

FreeBSD

OpenSSL

  • OpenSSL AES OCB Weak Encryption Vulnerability (CVE-2022-2097)
  • OpenSSL c_rehash Command Injection Vulnerability (20220621) (CVE-2022-2068)
  • OpenSSL RSA Private Key Heap Memory Corruption Vulnerability (CVE-2022-2274)

Oracle

SUSE Linux (Credentialed Checks)

Ubuntu (Credentialed Checks)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.