Network Security

TrustKeeper Scan Engine Update for March 21, 2018

March 21, 2018

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

jQuery

jQuery anti-pattern for the text() and after() methods Cross-site Scripting Vulnerability ( CVE-2014-6071)
jQuery Core rquickExpr variable with Cross-Site Scripting Vulnerability ( CVE-2012-6708)
jQuery Cross-Domain Asynchronous JavaScript and Extensible Markup Language Request Cross-site Scripting Vulnerability ( CVE-2015-9251)

Nginx

Nginx ngx_http_range_parse Integer Overflow Vunlerability ( CVE-2017-7529)

phpMyAdmin

phpMyAdmin db_central_columns.php Cross-Site Scripting Vulnerability. PMASA-2018-1 ( CVE-2018-7260)

FreeBSD

FreeBSD IPSEC Incorrect Validation Vulnerability (FreeBSD-SA-18:01.ipsec) ( CVE-2018-6916)
FreeBSD NTP Multiple vulnerabilities (FreeBSD-SA-18:02.ntp) ( CVE-2018-7185, CVE-2018-7184, CVE-2018-7170, CVE-2018-7182, CVE-2018-7183)

Joomla

Joomla Chromes Module Cross-Site Scripting Vulnerability [20180101] ( CVE-2018-6380)
Joomla Coms_fields Cross-Site Scripting Vulnerabilities [20180102] ( CVE-2018-6377)
Joomla Hathor Postinstall Message SQL Injection [20180104] ( CVE-2018-6376)
Joomla URI Class Cross-Site Scripting Vulnerability [20180103] ( CVE-2018-6379)

NTP

NTP Ephemeral Association Vulnerability (February 2018 Advisory) ( CVE-2016-1549, CVE-2018-7170)
NTP gen_md5 (ntp-keygen) Insufficient Entropy Vulnerability ( CVE-2015-3405)
NTP Interleaved Symmetric Mode Denial of Service (February 2018 Advisory) ( CVE-2018-7184)
NTP Multiple Vulnerabilities (before 4.2.8p7) ( CVE-2015-8140, CVE-2015-8139)
NTP Multiple Vulnerabilities (February 2018 Advisory) ( CVE-2018-7183, CVE-2018-7182)
NTP ntp_proto.c Denial of Service (February 2018 Advisory) ( CVE-2018-7185)

PHP

PHP phar_extract_file Code Execution Vulnerability ( CVE-2016-4473)
PHP stream_get_meta_data Improper Input Validation Vulnerability ( CVE-2016-10712)
PHP Zend OpCache Incorrect Code Permission Vulnerability ( CVE-2015-8994)

Samba

Samba Authenticated users can change other user's password and Denial of Service ( CVE-2018-1050, CVE-2018-1057)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.

Latest Software Updates

DbProtect 6.6.12 and AppDetectivePRO 10.10 Now Available

Announcing DbProtect Suite Release 6.6.12 For any additional information, navigate to the Database Security folder in the File Cabinet of the Support section in the Trustwave Fusion platform.

DbProtect Suite release 6.6.11 Now Available

Announcing DbProtect Suite Release 6.6.11 We're excited to announce that with this release, we have implemented several security updates and additional checks to enhance the overall protection of...

Fare Thee Well ModSecurity: End-of-Life and Last Commercial Rules Update for June 2024

A Fourteen Year Journey Comes to an End.

Experiencing a security breach?