TrustKeeper Scan Engine Update for November 20, 2015

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

phpMyAdmin

  • phpMyAdmin Content Spoofing Vulnerability via Redirection (CVE-2015-7873)

Moodle

  • Moodle Arbitrary Message Display Vulnerability via LTI module (CVE-2014-9060)
  • Moodle Cross-site Request Forgery Vulnerability via Forum Tracking (CVE-2014-7838)
  • Moodle Cross-site Request Forgery Vulnerability via LTI Module (CVE-2014-7836)
  • Moodle Cross-site Scripting Vulnerability via AJAX Scripts (CVE-2014-9059)
  • Moodle Cross-site Scripting Vulnerability via Feedback Module (CVE-2014-7830)
  • Moodle Cross-site Scripting Vulnerability via File Upload (CVE-2014-7835)
  • Moodle Information Disclosure Vulnerability via Database Activity Module (CVE-2014-7833)
  • Moodle Information Disclosure Vulnerability via Error Message (CVE-2014-7848)
  • Moodle Information Disclosure Vulnerability via get_grades (CVE-2014-7831)
  • Moodle Unauthorized Access Vulnerability via Wiki Activity (CVE-2014-7837)
  • Moodle Unauthorized Privilege Access Vulnerability via Group Permissions (CVE-2014-7834)
  • Moodle Unauthorized Privilege Access Vulnerability via IP Lookup (CVE-2014-7847)
  • Moodle Unauthorized Privilege Access Vulnerability via LTI module (CVE-2014-7832)
  • Moodle Unauthorized Privilege Access Vulnerability via Tags List (CVE-2014-7846)
  • Moodle Weak Password Generation Vulnerability via Temporary Passwords (CVE-2014-7845)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.
