Software Updates

TrustKeeper Scan Engine Update for March 21, 2018

Written by | Mar 21, 2018 9:48:00 AM

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

jQuery

  •  
  • jQuery anti-pattern for the text() and after() methods Cross-site Scripting Vulnerability ( CVE-2014-6071)
  •  
  • jQuery Core rquickExpr variable with Cross-Site Scripting Vulnerability ( CVE-2012-6708)
  •  
  • jQuery Cross-Domain Asynchronous JavaScript and Extensible Markup Language Request Cross-site Scripting Vulnerability ( CVE-2015-9251)

Nginx

  •  
  • Nginx ngx_http_range_parse Integer Overflow Vunlerability ( CVE-2017-7529)

phpMyAdmin

  •  
  • phpMyAdmin db_central_columns.php Cross-Site Scripting Vulnerability. PMASA-2018-1 ( CVE-2018-7260)

FreeBSD

Joomla

  •  
  • Joomla Chromes Module Cross-Site Scripting Vulnerability [20180101] ( CVE-2018-6380)
  •  
  • Joomla Coms_fields Cross-Site Scripting Vulnerabilities [20180102] ( CVE-2018-6377)
  •  
  • Joomla Hathor Postinstall Message SQL Injection [20180104] ( CVE-2018-6376)
  •  
  • Joomla URI Class Cross-Site Scripting Vulnerability [20180103] ( CVE-2018-6379)

NTP

PHP

  •  
  • PHP phar_extract_file Code Execution Vulnerability ( CVE-2016-4473)
  •  
  • PHP stream_get_meta_data Improper Input Validation Vulnerability ( CVE-2016-10712)
  •  
  • PHP Zend OpCache Incorrect Code Permission Vulnerability ( CVE-2015-8994)

Samba

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.