TrustKeeper Scan Engine Update for September 02, 2015

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available.

This week we bring you 21 new vulnerability checks affecting Apache HTTP Server, Apache Tomcat, PostgreSQL and phpMyAdmin to name a few.

Enjoy!

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Apache

• Apache HTTP Server Denial of Service Vulnerability via Include Filter (CVE-2015-0253)
• Apache HTTP Server Bypass Access Restriction Vulnerability via Require Directive (CVE-2015-3185)
• Apache HTTP Server Request Smuggling Vulnerability via Invalid Chunk-Extension Characters (CVE-2015-3183)
• Apache Tomcat Denial of Service Vulnerability via Request Body (CVE-2014-0230)
• Apache Tomcat Security Manager Bypass Vulnerability (CVE-2014-7810)

PostgreSQL

• PostgreSQL "double free" during authentication causes daemon crash (CVE-2015-3165)
• PostgreSQL denial-of-service via SELECT with many LEFT JOINs (CVE-2010-0733)

phpMyAdmin

• phpMyAdmin Cross-site Scripting Vulnerability in setup (CVE-2015-3902)
• phpMyAdmin Cross-site Scripting Vulnerability in View Operation Page (CVE-2014-5274)
• phpMyAdmin Man in the Middle Vulnerability via Github API (CVE-2015-3903)

ISC

• ISC BIND Denial of Service Vulnerability via TKEY Queries (CVE-2015-5477)

Oracle

• Oracle MySQL January 2015 CPU Multiple Vulnerabilities (CVE-2015-0411, CVE-2015-0382, CVE-2015-0381, CVE-2015-0391, CVE-2015-0432, CVE-2015-0409, CVE-2014-6568, CVE-2015-0385, CVE-2015-0374)
• Oracle MySQL April 2015 CPU Multiple Vulnerabilities (CVE-2014-0112, CVE-2014-7809, CVE-2015-0501, CVE-2014-3569, CVE-2015-2568, CVE-2015-2575, CVE-2015-2573, CVE-2015-0500, CVE-2015-0439, CVE-2015-0508, CVE-2015-0433, CVE-2015-0423, CVE-2015-2571, CVE-2015-0438, CVE-2015-0503, CVE-2015-0441, CVE-2015-0405, CVE-2015-0505, CVE-2015-0499, CVE-2015-0506, CVE-2015-0507, CVE-2015-2567, CVE-2015-2566, CVE-2015-0511, CVE-2015-2576, CVE-2015-0498)
• Oracle Database April 2015 CPU Multiple Vulnerabilities (CVE-2015-0457, CVE-2015-0455, CVE-2015-0483, CVE-2015-0479)
• Oracle Solaris January 2015 CPU Multiple Vulnerabilities (CVE-2003-0001, CVE-2004-0230, CVE-2014-4259, CVE-2014-6480, CVE-2014-6481, CVE-2014-6509, CVE-2014-6510, CVE-2014-6518, CVE-2014-6521, CVE-2014-6524, CVE-2014-6570, CVE-2014-6575, CVE-2014-6600, CVE-2015-0375, CVE-2015-0378, CVE-2015-0397, CVE-2015-0428, CVE-2015-0429, CVE-2015-0430)
• Oracle Solaris April 2015 CPU Multiple Vulnerabilities (CVE-2015-0448, CVE-2015-0471, CVE-2015-2574, CVE-2015-2577, CVE-2015-2578)

Ruby on Rails

• Ruby on Rails Cross-site Scripting Vulnerability via JSON encoding (CVE-2015-3226)
• Ruby on Rails Denial of Service Vulnerability via jdom (CVE-2015-3227)

WordPress

• WordPress Bypass Vulnerability via edit_posts (CVE-2015-5623)
• WordPress Cross-site Scripting Vulnerability via shortcodes (CVE-2015-5622)
• WordPress Cross-site Scripting Vulnerability via wp-db.php (CVE-2015-3440)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.