TrustKeeper Scan Engine Update for August 15, 2018

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Apache

• Apache HTTP Server Denial of Service for HTTP/2 Connections Vulnerability ( CVE-2018-1333)
• Apache HTTP Server mod_md Coredumps Denial of Service Vulnerability ( CVE-2018-8011)

Cisco

• Cisco ASA Web Services Denial of Service Vulnerability ( CVE-2018-0296)

PHP

• PHP fsockopen and pfsockopen functions Server-Side Request Forgery Vulnerability ( CVE-2017-7272)
• PHP i_zval_ptr_dtor (Zend/zend_variables.h) Overflow Vulnerability ( CVE-2017-9119)
• PHP zend_string_extend Integer Overflow Vulnerability ( CVE-2017-8923)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.