TrustKeeper Scan Engine Update - October 3, 2013

We're back and bringing you another TrustKeeper Scan Engine update. This time we've got coverage for 19 new vulnerabilities including coverage for a bunch of Adobe Coldfusion, Microsoft and Wordpress vulns. We've also made some improvements to our web application scanning to better detect cross-site scripting, SQL injection and local and remote file inclusion vulnerabilities.

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Adobe

• Administration Console Access Vulnerability in Adobe ColdFusion (APSB13-10) (CVE-2013-1388)

• ColdFusion Components Access Vulnerability in Adobe ColdFusion (APSB13-19) (CVE-2013-3350)

• Denial of Service Vulnerability in Adobe ColdFusion (APSB12-21) (CVE-2012-2048)

• Denial of Service Vulnerability in Adobe ColdFusion with Adobe JRun (APSB13-19) (CVE-2013-3349)

• Sandbox Restriction Bypass Vulnerability in Adobe ColdFusion (APSB12-26) (CVE-2012-5675)

• User Impersonation Vulnerability in Adobe ColdFusion (APSB13-10) (CVE-2013-1387)

Microsoft

• Denial of Service Vulnerability in Adobe ColdFusion with Microsoft IIS (APSB12-25) (CVE-2012-5674)

• Microsoft DNS Resolver Service Vulnerability (CVE-2012-1194)

Wordpress

• Information Disclosure Vulnerability in Wordpress (CVE-2013-2203)

• Local File Inclusion Vulnerability in Wordpress (CVE-2013-2202)

• Privilege Escalation Vulnerability in Wordpress (CVE-2013-2200)

• Server Side Request Vulnerability in Wordpress (CVE-2013-2199)

How Do I Update My TrustKeeper Scan Engine?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.