TrustKeeper Scan Engine Update for July 23, 2019

Written by | Jul 24, 2019 9:36:00 AM

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Cisco

Cisco ASA and Cisco Firepower Threat Defense Software MOBIKE Denial of Service Vulnerability (cisco-sa-20190501-asa-ftd-ike-dos) (CVE-2019-1708)
Cisco ASA Cross-Site Request Forgery Vulnerability (cisco-sa-20190501-asa-csrf) (CVE-2019-1713)
Cisco ASA IPsec Denial of Service Vulnerability (cisco-sa-20190501-asa-ipsec-dos) (CVE-2019-1706)
Cisco ASA Low-Entropy Keys Vulnerability (cisco-sa-20190501-asa-ftd-entropy) (CVE-2019-1715)
Cisco ASA VPN SAML Authentication Bypass Vulnerability (cisco-sa-20190501-asaftd-saml-vpn) (CVE-2019-1714)
Cisco ASA WebVPN Cross-Site Scripting Vulnerability (cisco-sa-20180418-asawvpn) (CVE-2018-0242)

Atlassian

Atlassian JIRA - Epic Name Ordering Denial of Service Vulnerability (CVE-2019-11583)
Atlassian JIRA - Server-Side Template Injection Vulnerability (CVE-2019-11581)

VMWare

Missing VMware ESXi Patch (VMSA-2019-0011) (CVE-2019-5528)

FreeBSD

FreeBSD iconv Buffer Overflow Vulnerability (FreeBSD-SA-19:09.iconv) (CVE-2019-5600)
FreeBSD Kernel CD Driver Privilege Escalation Vulnerability (FreeBSD-SA-19:11.cd_ioctl) (CVE-2019-5602)
FreeBSD Kernel UFS/FFS Stack Disclosure Vulnerability (FreeBSD-SA-19:10.ufs) (CVE-2019-5601)

Microsoft

Microsoft Exchange Information Disclosure Vulnerability (2019-Jul) (CVE-2019-1084)
Microsoft Exchange Server 2019 Unsupported Cumulative Update
Microsoft Exchange Server Elevation of Privilege Vulnerability (2019-Jul) (CVE-2019-1136)
Microsoft Exchange Server Spoofing Vulnerability (2019-Jul) (CVE-2019-1137)
Microsoft SQL Server Remote Code Execution Vulnerability (2019-Jul) (CVE-2019-1068)

MySQL

MySQL Critical Patch Update - July 2019 (CVE-2019-2731, CVE-2019-2730, CVE-2019-2879, CVE-2019-2834, CVE-2019-2830, CVE-2019-2826, CVE-2019-2822, CVE-2019-2819, CVE-2019-2815, CVE-2019-2814, CVE-2019-2812, CVE-2019-2811, CVE-2019-2810, CVE-2019-2808, CVE-2019-2805, CVE-2019-2803, CVE-2019-2802, CVE-2019-2801, CVE-2019-2800, CVE-2019-2797, CVE-2019-2796, CVE-2019-2795, CVE-2019-2791, CVE-2019-2789, CVE-2019-2785, CVE-2019-2784, CVE-2019-2780, CVE-2019-2778, CVE-2019-2774, CVE-2019-2758, CVE-2019-2757, CVE-2019-2752, CVE-2019-2741, CVE-2019-2740, CVE-2019-2739, CVE-2019-2738, CVE-2019-2737, CVE-2019-3822, CVE-2019-2798, CVE-2019-2755, CVE-2019-2747, CVE-2019-2746, CVE-2019-2743)

Oracle

Oracle Database CPU July 2019 Advisory (CVE-2019-2799, CVE-2019-2776, CVE-2019-2753, CVE-2018-15769, CVE-2018-11057, CVE-2018-11056, CVE-2018-11055, CVE-2018-11054, CVE-2016-9572, CVE-2016-8610, CVE-2016-6306, CVE-2016-2183, CVE-2016-0701, CVE-2018-11058, CVE-2019-2749, CVE-2019-2569)
Oracle Enterprise Manager CPU July 2019 (CVE-2018-11775, CVE-2018-8039, CVE-2019-0222, CVE-2019-1559)
Oracle Weblogic Server - Web Services XMLDecoder Deserialization Remote Code Execution Vulnerability (CVE-2019-2729)

Squid

Squid cachemgr.cgi Cross Site Scripting Vulnerability (CVE-2019-13345)
Squid HTTP Basic Authentication Denial of Service Vulnerability (SQUID-2019:2) (CVE-2019-12529)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.

View full post