Trustwave Web Application Firewall Signature Update 4.37 now available

We have just released signature update 4.37 for users of Trustwave Web Application Firewall (WAF) version 7.0.

These new rules help protect users' web applications against malicious traffic targeting the vulnerabilities listed below.

Release Summary

Vulnerability Name:

Microsoft SharePoint XSS (CVE-2015-1640)

  • WAF Version: 7.0
  • Rules Version: 4.37

A cross-site scripting vulnerability exists in Microsoft SharePoint that could allow for the execution of malicious code within a SharePoint user's browser.

Vulnerability Name:

JBoss JMXInvokerServlet Remote Command Execution

  • WAF Version: 7.0
  • Rules Version: 4.37

A misconfiguration is present in JBoss 4.x and 5.x where the JMXInvokerServlet is accessible without authentication. An attacker who supplies a malicious serialized Java object to the JMXInvoker servlet can cause remote code to execute on the server.

Vulnerability Name:

4.2 SQL Column truncation Cross Site Scripting

  • WAF Version: 7.0
  • Rules Version: 4.37

The WordPress core is susceptible to a Cross Site Scripting (XSS) vulnerability prior to version 4.2.1. This vulnerability arises from how WordPress handles excessively long comments as they are inserted into the database. The XSS can be used to perform actions on behalf of WordPress administrators when they view a malicious comment, which can in turn lead to remote code execution.

Vulnerability Name:

Microsoft IIS HTTP.sys DoS/RCE (CVE-2015-1635)

  • WAF Version: 7.0
  • Rules Version: 4.37

A vulnerability exists in several versions of the Microsoft Windows HTTP stack whereby an attacker can send a malicious request to a server instance that is built on the HTTP.sys Windows library (i.e. IIS). The vulnerability is caused by a large integer being provided via the Range header. The presence of this malicious header may cause the server to crash or remotely execute code.

How to Update

No action is required of customers that run version 7.0 of Trustwave Web Application Firewall and subscribe to the online update feature. Their deployments will receive the update automatically.

Note that even if blocking actions are defined for a protected site, simulation mode for each of these rules is ON by default so that site managers can inspect the impact of new rules before actually blocking relevant traffic. If you would like to activate blocking actions for a rule, you need to update the Actions for that signature in the Policy Manager.
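As an added illustration (not Trustwave's rule syntax or code), the following Python check shows the kind of logic a defender might apply to the Range-header condition described for CVE-2015-1635 above, together with a simulate/block switch modelled on the default simulation mode described in this update note. The size threshold, the case-insensitive header lookup and the sample header values are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumption: no legitimate byte range needs a bound above ~1 TiB, so any
# larger integer in a Range header is treated as the oversized-integer
# condition this rule targets.
MAX_SANE_RANGE_VALUE = 2 ** 40
RANGE_RE = re.compile(r"^bytes=(.+)$", re.IGNORECASE)


@dataclass
class Verdict:
    matched: bool
    action: str                 # "pass", "simulate" or "block"
    reason: Optional[str] = None


def range_header_is_suspicious(value: str) -> Optional[str]:
    """Return a reason string if the Range header carries an oversized or
    malformed bound, else None. Only byte ranges are judged."""
    m = RANGE_RE.match(value.strip())
    if not m:
        return None
    for spec in m.group(1).split(","):
        spec = spec.strip()
        start, sep, end = spec.partition("-")
        if not sep:
            return f"malformed range spec {spec!r}"
        for bound in (start, end):
            if not bound:
                continue            # open-ended ranges like "500-" are valid
            if not bound.isdigit():
                return f"non-numeric bound {bound!r}"
            if int(bound) > MAX_SANE_RANGE_VALUE:
                return f"oversized range bound {bound}"
    return None


def evaluate(headers: dict, blocking: bool = False) -> Verdict:
    """Apply the rule to one request's headers. blocking=False mirrors the
    default simulation mode: a match is reported but nothing is blocked."""
    rng = next((v for k, v in headers.items() if k.lower() == "range"), None)
    if rng is None:
        return Verdict(False, "pass")
    reason = range_header_is_suspicious(rng)
    if reason is None:
        return Verdict(False, "pass")
    return Verdict(True, "block" if blocking else "simulate", reason)
```

Constructed sample input such as `{"Range": "bytes=0-99999999999999999999"}` is flagged, while an ordinary `bytes=0-1023` or open-ended `bytes=500-` passes.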
