Software Updates

TrustKeeper Scan Engine Update for February 21, 2018

Written by | Feb 22, 2018 11:11:00 AM

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Apache

  • Apache Tomcat Header Injection via CORS Filter (CVE-2017-7674)
  • Apache Tomcat incorrectly documented CGI search algorithm (CVE-2017-15706)
  • Apache Tomcat JSP Upload Remote Code Execution Vulnerability (CVE-2017-12617)

OpenSSH

  • OpenSSH Out-of-sequence NEWKEYS Message Denial of Service Vulnerability (OpenSSH 7.4 Release) (CVE-2016-10708)
  • OpenSSH X11 Security Bypass Vulnerability (OpenSSH 7.2 Release) (CVE-2016-10708)

phpMyAdmin

  • phpMyAdmin common.inc.php Password Restriction Bypass Vulnerability PMASA-2017-8
  • phpMyAdmin Cookie Attribute Injection Attack PMASA-2017-5 (CVE-2017-1000016)
  • phpMyAdmin Cross-Site Request Forgery Vulnerability PMASA-2017-9 (CVE-2017-1000499)
  • phpMyAdmin index.inc.php Open Redirect Vulnerability. PMASA-2017-1 (CVE-2017-1000013)
  • phpMyAdmin php-gettext Library Code Execution Vulnerability. PMASA-2017-2 (CVE-2015-8980)
  • phpMyAdmin Replication Server Side Request Forgery Vulnerability PMASA-2017-6 (CVE-2017-1000017)
  • phpMyAdmin Replication Status Denial of Service Vulnerability PMASA-2017-7 (CVE-2017-1000018)
  • phpMyAdmin Table Editing Denial of Service Vulnerability PMASA-2017-3 (CVE-2017-1000014)
  • phpMyAdmin Themes CSS injection PMASA-2017-4 (CVE-2017-1000015)

PostgreSQL

Microsoft

  • Microsoft Patch Tuesday February 2018

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.