TrustKeeper Scan Engine Update - August 12, 2013

We're back from a great time in Vegas and Defcon to bring you yet another TrustKeeper Scan Engine update. This time around we're bringing coverage for 12 new vulnerabilities, including a bunch of coverage for Adobe ColdFusion as well as coverage for a new PHP vulnerability that could result in a denial of service. Tune in next time for more of the same.

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Adobe
* Adobe ColdFusion Unspecified Information Disclosure Vulnerability (CVE-2013-3336)
* Adobe ColdFusion Unspecified Remote Code Execution Vulnerability (CVE-2013-1389)
* Multiple Vulnerabilities in Adobe ColdFusion 8.0 (CVE-2011-0629, CVE-2011-2091, CVE-2011-2463, CVE-2011-4368, CVE-2011-0580, CVE-2011-0581, CVE-2011-0582, CVE-2011-0583, CVE-2011-0584, CVE-2011-0735, CVE-2012-0770)
* Multiple Vulnerabilities in Adobe ColdFusion 8.0.1 (CVE-2011-0629, CVE-2011-2091, CVE-2011-2463, CVE-2011-4368, CVE-2011-0580, CVE-2011-0581, CVE-2011-0582, CVE-2011-0583, CVE-2011-0584, CVE-2011-0735, CVE-2012-0770)
* Multiple Vulnerabilities in Adobe ColdFusion 9.0 (CVE-2011-0629, CVE-2011-2091, CVE-2011-2463, CVE-2011-4368, CVE-2011-0580, CVE-2011-0581, CVE-2011-0582, CVE-2011-0583, CVE-2011-0584, CVE-2011-0735, CVE-2012-0770, CVE-2012-1389, CVE-2012-3336)
* Multiple Vulnerabilities in Adobe ColdFusion 9.0.1 (CVE-2011-0629, CVE-2011-2091, CVE-2011-2463, CVE-2011-4368, CVE-2011-0580, CVE-2011-0581, CVE-2011-0582, CVE-2011-0583, CVE-2011-0584, CVE-2011-0735, CVE-2012-0770, CVE-2012-1389, CVE-2012-3336)
* Multiple Vulnerabilities in Adobe ColdFusion 9.0.2 (CVE-2012-1389, CVE-2012-3336)

PHP
* PHP Heap Corruption in XML Parser Vulnerability (CVE-2013-4113)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.
