TrustKeeper Scan Engine Update - December 12, 2013

It's that time again for another TrustKeeper Scan Engine Update and you didn't even need to put it on your Amazon Wish-list. This release contains mostly Ruby-based vulnerabilities with a couple more Cisco ASA/IOS vulnerabilities for a total of 18 new vulnerability checks.

As always, this release contains improvements to existing tests and their associate evidence to help aid in vulnerability remediation activities.

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:


  • Cisco ASA Certificate Processing Denial of Service Vulnerability (CSCuh19462) (CVE-2013-3458)
  • Cisco ASA Next-Generation Firewall Fragmented Traffic Denial of Service Vulnerability (CSCue88387) (CVE-2013-3382)
  • Cisco IOS GET VPN Encryption Policy Bypass Vulnerability (CSCui07698) (CVE-2013-3436)
  • OSPF LSA Manipulation Vulnerability in Multiple Cisco Products (cisco-sa-20130801-lsaospf) (CVE-2013-0149)


  • Nokia IPSO Voyager Readfile.TCL Arbitrary File Read


  • Ruby Denial of Service and Unsafe Object Creation Vulnerability in JSON (CVE-2013-0269)
  • Ruby Heap Overflow in Floating Point Parsing (CVE-2013-4164)
  • Ruby Hostname check bypassing vulnerability in SSL client (CVE-2013-4073)
  • Ruby Object taint bypassing in DL and Fiddle in Ruby (CVE-2013-2065)

Ruby on Rails

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.