New Vulnerability Test Highlights
Some of the more interesting vulnerability tests we added recently are as follows:
Cisco
- Cisco ASA TLS Denial of Service Vulnerability (cisco-sa-20180418-asa3 and CSCve18902) (CVE-2018-0231)
cPanel
- cPanel Multiple Vulnerabilities (TSR-2018-0003)
phpBB
- phpBB includes/startup.php Cross-Site Scripting Vulnerability (CVE-2015-1431)
- phpBB message_options function Cross-Site Request Forgery Vulnerability (CVE-2015-1432)
- phpBB redirect function Open Redirect Vulnerability (CVE-2015-3880)
Webmin
- Webmin syslog/save_log.cgi Unrestricted Access to Arbitrary Files Vulnerability (CVE-2018-8712)
PostgreSQL
- PostgreSQL function pg_logfile_rotate Improper Access Control Vulnerability (2018-05-10 Security Update) (CVE-2018-1115)
Miscellaneous
- Remote Registry Accessible (Internal Scan)
- SMB Null Sessions Supported (Internal Scan)
- SSL Certificate is Not Trusted (Internal Scan)
FreeBSD
- FreeBSD Kernel Local Privilege Escalation Vulnerability via Mishandling of Debug Exceptions (FreeBSD-SA-18:06.debugreg) (CVE-2018-8897)
Squid
- Squid ESI Response Processing Denial of Service (SQUID-2018:3) (CVE-2018-1172)
How to Update?
All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.