TrustKeeper Scan Engine Update – July 29, 2014

Summary

The latest update to the TrustKeeper Scan Engine is now available. Highlights of the update include coverage for 15 new vulnerabilities and expanded version coverage for PHP.

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Apache

  • Apache HTTP Server mod_deflate Denial of Service Vulnerability (CVE-2014-0118)
  • Apache HTTP Server mod_status Race Condition Vulnerability in Lua Request (CVE-2014-0226)
  • Apache HTTP Server winnt_accept Denial of Service Vulnerability (CVE-2014-3523)
  • Apache Tomcat AJP Request Denial of Service (CVE-2014-0095)
  • Apache Tomcat Chunk Request Denial of Service (CVE-2014-0075)
  • Apache Tomcat HTTP Request Smuggling Vulnerability (CVE-2014-0099)
  • Apache Tomcat Information Disclosure via External XML Entities (CVE-2014-0096)

PHP

phpMyAdmin

  • phpMyAdmin Cross-site Scripting Vulnerability in PMA_getHtmlForActionLinks (CVE-2014-4954)
  • phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in AJAX Confirmation Message (CVE-2014-4986)
  • phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in Favorites Table (CVE-2014-4348)
  • phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in Hide Action (CVE-2014-4349)
  • phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in PMA_TRI_getRowForList (CVE-2014-4955)
  • phpMyAdmin Privilege Escalation Vulnerability in User Group Features (CVE-2014-4987)

Miscellaneous

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.