Trustwave Web Application Firewall Signature Update 4.52 Now Available

Trustwave Spiderlabs is pleased to announce the release of CorSigs version 4.52 for Trustwave Web Application Firewall (WAF) versions 8.5 and 9.0. These rules are written to detect attacks or classes of attacks on web applications and their components.

Release Summary

This release includes a cleanup of out-of-date rules and the following new signatures:

  • CVE-2017-9429: WordPress Plugin Event List < 0.7.8 SQLi
    The Event List plugin before 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the vulnerable parameter.
  • WordPress Plugin Huge-IT Video Gallery 2.0.4 SQLi
    The Huge-IT Video Gallery 2.0.4 plugin for WordPress allows an authenticated user to execute arbitrary SQL commands via the vulnerable parameter.
  • WordPress Plugin Ultimate Product Catalogue 4.2.2 SQLi
    The Ultimate Product Catalogue 4.2.2 plugin for WordPress allows an authenticated user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2017-9603: WordPress Plugin WP Jobs 1.5 SQLi
    The WP Jobs plugin before 1.5 for WordPress allows an authenticated user to execute arbitrary SQL commands via the vulnerable parameter.
  • WordPress Plugin Easy Modal 2.0.17 SQLi
    The Easy Modal 2.0.17 plugin for WordPress allows an authenticated user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2014-9734: WordPress Slider Revolution Responsive LFI
    The Slider Revolution plugin before 4.2 for WordPress allows a remote attacker to read arbitrary files via the vulnerable parameter.
  • CVE-2017-14507: WordPress Plugin Content Timeline 4.4.2 SQLi
    The Content Timeline 4.4.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2017-14842: WordPress Plugin SMSmaster SQLi
    The Multipurpose SMS Gateway plugin for WordPress allows an attacker to execute arbitrary SQL commands via the vulnerable parameter.
  • WordPress Plugin Car Park Booking SQLi
    The Car Park Booking plugin for WordPress allows an attacker to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2017-3549: Oracle E-Business Suite 12.2.3 - IESFOOTPRINT SQLi
    The Oracle Scripting component of Oracle E-Business Suite 12.x allows an unauthenticated attacker to execute arbitrary SQL commands via the vulnerable component.
  • CVE-2017-10246: Oracle E-Business Suite 12.x SSRF
    The Oracle Application Object Library component of Oracle E-Business Suite 12.x allows an unauthenticated attacker with network access via HTTP to compromise the vulnerable component, resulting in server data corruption or leakage.
  • CVE-2017-10271: Oracle WebLogic RCE
    Oracle WebLogic Server before 10.3.6 for Oracle Fusion Middleware allows an unauthenticated attacker with network access via T3 to compromise the vulnerable component, resulting in a possible server takeover.
  • CVE-2017-3506: Oracle WebLogic RCE
    Oracle WebLogic Server before 10.3.6 for Oracle Fusion Middleware allows an unauthenticated attacker with network access via T3 to compromise the vulnerable component, resulting in possible sensitive information leakage and corruption.
  • WordPress Plugin JTRT Responsive Tables 4.1 SQLi
    The JTRT Responsive Tables 4.1 plugin for WordPress allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2017-10682: WordPress Plugin Piwigo 2.9.1 SQLi
    Piwigo 2.9.1 for WordPress allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component NextGen Editor 2.1.0 SQLi
    The NextGen Editor 2.1.0 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component JB Visa 1.0 SQLi
    The JB Visa 1.0 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2017-17870: Joomla! Component JBuildozer 1.4.1 SQLi
    The JBuildozer 1.4.1 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

How to Update

No action is required by customers running versions 8.5 or 9.0 of Trustwave Web Application Firewall who subscribe to the online update feature. Their deployments will update automatically.

Please note that even if blocking actions are defined for a protected site, Simulation Mode for these rules is ON by default, so that site managers can inspect the impact of the new rules before relevant traffic is blocked. If you want to activate blocking actions for any of these rules, you must update the Actions for that signature in the Policy Manager.
