TrustKeeper Scan Engine Update - June 12, 2013

The latest update to the TrustKeeper Scan Engine is now available. It adds coverage for more than a dozen vulnerabilities, including several recent nginx and Cisco ASA vulnerabilities. It expands our vulnerability coverage for Joomla, with 9 new vulnerability tests. It also includes some performance enhancements to the web crawling module to help speed up scan times on slow performing web servers.

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Cisco
* Cisco ASA traceback in IKE Daemon while handling IKEv1 message (CSCub85692) (CVE-2013-1149)
* Cisco ASA time-range object may have no effect (CSCuf79091) (CVE-2013-1195)
* Cisco ASA Race Condition in the CIFS implementation (CSCub58996) (CVE-2013-1199)

Joomla

* Joomla! PATH_INFO XSS Vulnerability (CVE-2011-4910)
* Joomla! HTTP_REFERER XSS Vulnerability (CVE-2011-4909)
* Joomla! Information Disclosure Vulnerability (CVE-2012-0821)
* Joomla! Unspecified XSS Vulnerability (CVE-2012-0820)
* Joomla! Error Log Disclosure Vulnerability (CVE-2012-0836)
* Joomla! Installation Path Disclosure (CVE-2012-0837)
* Joomla! Administrator Related Information Leakage Vulnerability (CVE-2012-0835)
* Joomla! Update Manager XSS vulnerability (CVE-2012-1612)
* Joomla! Administrator Back End Information Leakage Vulnerability (CVE-2012-1611)

nginx
* nginx HTTP Server memory disclosure via HTTP backend responses (CVE-2013-2070)
* nginx HTTP Server Chunked Encoding Stack Buffer Overflow (CVE-2013-2028)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.