The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Highlights of the release include new checks for 20 vulnerabilities
New Vulnerability Test Highlights
AllegroSoft
AllegroSoft RomPager Misfortune Cookie Vulnerability (CVE-2014-9222, CVE-2014-9223)
Cisco
Cisco IOS ISR Entropy Collection Denial of Service (CSCul77897, CVE-2014-3347)
Cisco IOS Metadata Vulnerability (CSCug75942, CVE-2014-3355)
Cisco IOS Multicast Domain Name System Vulnerabilities (cisco-sa-20140924-mdns, CVE-2014-3357, CVE-2014-3358)
Cisco IOS Multicast Virtual Private Network Data Leak (cisco-sa-20080326-mvpn, CVE-2008-1156)
Cisco IOS Network Address Translation Vulnerability (CSCun54071, CVE-2014-3361)
Cisco IOS RSVP Vulnerability (CSCui11547, CVE-2014-3354)
Juniper
Juniper NetScreen ScreenOS DNS Lookup Denial of Service (CVE-2014-3813)
Juniper NetScreen ScreenOS Malformed IPv6 Packets Denial of Service (CVE-2014-3814)
OpenSSL
OpenSSL Bignum squaring may produce incorrect results (CVE-2014-3570)
OpenSSL Certificate fingerprints can be modified (CVE-2014-8275)
OpenSSL DH client certificates accepted without verification (CVE-2015-0205)
OpenSSL DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
OpenSSL DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
OpenSSL MiTM Vulnerability in ssl23_get_client_hello function (CVE-2014-3511)
OpenSSL no-ssl3 configuration sets method to NULL (CVE-2014-3569)
phpMyAdmin
phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in ENUM value (CVE-2014-7217)
Zimbra
Zimbra Local File Include Vulnerability (CVE-2013-7091)
How to Update?
All Trustwave customers using the TrustKeeper scan engine receive the updates automatically as soon as an update is available. No action is required.
