TrustKeeper Scan Engine Update - January 23, 2013

The latest update to the TrustKeeper Scan Engine is now available!

This update includes coverage for over 30 vulnerabilities for products such as Apache Tomcat, Microsoft Windows, ASP.Net, and Atlassian Jira as well as many under the hood improvments to the scan engine.

As always, this update also includes improvements to existing tests and better evidence reporting.

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Microsoft
* Vulnerabilities in .NET Framework Could Allow Remote Code Execution (MS12-074) (CVE-2012-1895, CVE-2012-1896, CVE-2012-2519, CVE-2012-4776, CVE-2012-4777)
* Vulnerabilities in .NET Framework Could Allow Remote Code Execution (MS13-004) (CVE-2013-0001, CVE-2013-0002, CVE-2013-0003, CVE-2013-0004)
* Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (MS13-005) (CVE-2013-0008)
* Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution (MS13-001) (CVE-2013-0011)

Apache
* Apache Tomcat Cross-site Request Forgery Bypass (CVE-2012-4431)
* Apache Tomcat setUserPrincipal Form Security Bypass (CVE-2012-3546)

Jira
* JIRA XSS Vulnerability in ConfigureReleaseNote.jspa (CVE-2006-3338)
* JIRA Information Disclosure Vulnerability in projectId (CVE-2006-3339)
* JIRA Multiple Security Bypass Weaknesses (CVE-2007-6617, CVE-2007-6618, CVE-2007-6619)
* JIRA WebWork 1 Parameter Injection Hole (CVE-2008-6531)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates "auto-magically" as soon as an update is available. No action is required.

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.