TrustKeeper Scan Engine Update - May 15, 2013

The latest update to the TrustKeeper Scan Engine is now available. It adds coverage for more than two dozen vulnerabilities, including several recent Ruby on Rails vulnerabilities. It also greatly expands our vulnerability coverage for Moodle CMS, with 20 new vulnerability tests. Additionally, with official support from Microsoft for Windows XP ending in less than a year, we have added an informational notice for detected Windows XP systems, reminding customers that support (and security fixes) will be ending soon.

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Microsoft
* Microsoft Windows XP End of Life

Ruby on Rails
* Ruby on Rails attr_protected Method Bypass in Active Record (CVE-2013-0276)
* Ruby on Rails limit Function SQL Injection Vulnerability (CVE-2011-0448)
* Ruby on Rails Nested Attributes Remote Arbitrary Record Modification (CVE-2010-3933)
* Ruby on Rails Serialized Attributes Denial of Service in Active Record (CVE-2013-0277)

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.