TrustKeeper Scan Engine Update - September 17, 2013

The latest and greatest release of the TrustKeeper Scanning Engine is here. This update contains coverage for 14 new vulnerabilities, including tests for Oracle Database Server, Oracle MySQL Server, PHP, Apache HTTP Server and more.

This update also contains many improvements to current tests and many other improvements to the engine itself.

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Apache

• Apache HTTP Server mod_session_dbd Session ID Reuse Vulnerability (CVE-2013-2249)

Microsoft

• Vulnerabilities in .NET Framework Could Allow Remote Code Execution (MS13-052) (CVE-2013-3129, CVE-2013-3131, CVE-2013-3132, CVE-2013-3133, CVE-2013-3134, CVE-2013-3171)

Oracle

• Oracle Database July 2013 Security Update For Multiple Vulnerabilities (CVE-2013-3751, CVE-2013-3760, CVE-2013-3771, CVE-2013-3774, CVE-2013-3789, CVE-2013-3790)
• Oracle MySQL July 2013 Security Update Multiple Vulnerabilities (CVE-2013-3783, CVE-2013-3793, CVE-2013-3794, CVE-2013-3795, CVE-2013-3796, CVE-2013-3798, CVE-2013-3801, CVE-2013-3802, CVE-2013-3804, CVE-2013-3805, CVE-2013-3806, CVE-2013-3807, CVE-2013-3808, CVE-2013-3809, CVE-2013-3810, CVE-2013-3811, CVE-2013-3812)

PHP

• PHP Parsing Vulnerability in openssl_x509_parse Function (CVE-2013-4248)

Serv-U

• Serv-U Denial of Service via Large SMNT Commands (CVE-2009-0967)
• Serv-U Directory Traversal via MKD Commands (CVE-2008-4501)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as it's available. No action is required.