Summary
The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!
New Vulnerability Test Highlights
Some of the more interesting vulnerability tests we added recently are as follows:
Atlassian
- Atlassian JIRA Guessable Credentials
pfSense
- pfSense Clickjacking vulnerability in CSRF error page (CVE-2017-1000479)
- pfSense diag_system_activity.php Cross-Site Scripting vulnerability (pfSense-SA-18_02.webgui)
- pfSense pkg_mgr_install.php Cross-Site Scripting vulnerability (pfSense-SA-18_05.webgui)
- pfSense pkg_mgr_install.php Local File Include Vulnerability (pfSense-SA-18_04.webgui)
- pfSense rrd_fetch_json.php Cross-Site Scripting vulnerability in Status Monitoring base package (pfSense-SA-18_01.packages)
- pfSense status_monitoring.php Cross-Site Scripting vulnerability (pfSense-SA-17_07)
- pfSense traffic_graphs.widget.php Cross-Site Scripting vulnerability (pfSense-SA-18_03.webgui)
Ruby
- Ruby ARGF.inplace_mode method buffer overflow vulnerability (CVE-2010-2489)
- Ruby RubyGems algorithmic complexity vulnerability (CVE-2013-4287)
- Ruby RubyGems denial of service vulnerability (CVE-2013-4363)
- Ruby SecureRandom.random_bytes method random number duplicated value vulnerability (CVE-2011-2686)
PHP
WordPress
- WordPress Core HTTPS URL Validation Failure (CVE-2018-10100)
- WordPress Core Password Recovery Token Brute Force Vulnerability (CVE-2014-6412)
- WordPress post.php Code Execution Vulnerability (CVE-2018-12895)
How to Update?
All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.