TrustKeeper Scan Engine Update - June 3, 2013

Summary

The latest update to the TrustKeeper Scan Engine is now available. It adds coverage for more than 50 vulnerabilities, including several recent Cisco and Ruby on Rails vulnerabilities. It also continues to greatly expands our vulnerability coverage for Moodle CMS, adding more than 30 new vulnerability tests for it.

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Cisco
* Cisco ASA hash lookup DoS (CSCue31622) (CVE-2012-5415)
* Cisco ASA Xlates Table Exhaustion Vulnerability (CSCue46386) (CVE-2013-1138)
* Cisco IOS Software HTTP Server Denial of Service Vulnerability (CSCuc53853) (CVE-2013-1100)
* Cisco IOS Software Network Address Translation Vulnerability (cisco-sa-20130327-nat) (CVE-2013-1142)
* Cisco IOS Software Smart Install Denial of Service Vulnerability (cisco-sa-20130327-smartinstall) (CVE-2013-1146)

Ruby on Rails

* Potential Query Manipulation with Common Rails Practices (CVE-2013-3221)
* Ruby on Rails SQL Injection in Active Record (CVE-2012-2661)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.