TrustKeeper Scan Engine Update for March 09, 2016

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Cisco

  • Cisco ASA Internet Key Exchange Remote Command Execution (CVE-2016-1287)

FILL_ME_IN_MANUALLY

  • Bind vulnerable to DoS via a malformed Address Prefix List (APL) record (CVE-2015-8704)
  • Bind vulnerable to DoS via OPT pseudo-RR data or ECS options (CVE-2015-8705)
  • Multiple Cross-site Scripting Vulnerabilities in Open Source Point of Sale (CVE-2015-0299)
  • nginx Resolver: invalid pointer dereference (CVE-2016-0742)
  • OpenSourcePOS Authentication Brute Force
  • phpMyAdmin Cross-site Framing in setup.php (CVE-2008-3456)
  • phpMyAdmin Cross-site scripting in normalization page (CVE-2016-2043)
  • phpMyAdmin Cross-site scripting in setup.php (CVE-2008-3457)
  • phpMyAdmin Cross-site scripting vulnerability in SQL editor (CVE-2016-2045)
  • phpMyAdmin Cross-site scripting when register_globals is enabled (CVE-2008-2960)
  • phpMyAdmin Full path disclosure in common.inc.php (CVE-2016-2038)
  • phpMyAdmin Full path disclosure in SQL parser (CVE-2016-2044)
  • phpMyAdmin Information Disclosure in AES.php and Rijndael.php (CVE-2016-2042)
  • phpMyAdmin Insecure XSRF/CSRF token comparison (CVE-2016-2041)
  • phpMyAdmin Insecure XSRF/CSRF token generation (CVE-2016-2039)
  • phpMyAdmin Multiple authenticated Cross-site scripting Vulnerabilities (CVE-2016-2040)
  • phpMyAdmin Setup Script Cross-Site Request Forgery Vulnerability. (CVE-2009-4605)
  • Windows Remote Management Default/Guessable Credentials
  • phpMyAdmin Insecure random number generation for password suggestion (CVE-2016-1927)

Microsoft

PHP

  • phpMyAdmin Setup Script PHP Injection Vulnerability (CVE-2010-3055)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.