Loading...
Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

AppDetectivePRO and DbProtect Knowledgebase Update 4.46

This month's update for our AppDetectivePRO and DbProtect Knowledgebase is now available.

Knowledgebase version 4.46 includes new checks for vulnerabilities and configuration issues in MySQL and Oracle data stores.

New Vulnerability and Configuration Check Highlights

MySQL

  • Critical Patch Update - January 2015
    • Check version to determine if the database contains vulnerabilities described by Critical Patch Update - January 2015
    • Relevant CVEs: CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0385, CVE-2015-0391, CVE-2015-0409, CVE-2015-0411, CVE-2015-0432
    • Risk: High
  • Load Data Local not disabled
    • Verify whether Load Data Local is disabled.
    • Risk: Medium

Oracle

  • Critical Patch Update/Patch Set Update - January 2015
    • Check version to determine if the database contains vulnerabilities described by Critical Patch Update - January 2015
    • Relevant CVEs: CVE-2014-6514, CVE-2014-6541, CVE-2014-6567, CVE-2014-6577, CVE-2014-6578, CVE-2015-0370, CVE-2015-0371, CVE-2015-0373
    • Risk: High
  • Access to PKI authentication private key
    • Check the value of WALLET_LOCATION parameter to identify the location of wallets.
    • Risk: Informational

How to Update?

All AppDetectivePRO and DbProtect customers can download the latest Knowledgebase Update 4.46 by visiting the Trustwave support portal at https://trustwave.com/Company/Support and selecting either the AppDetectivePRO or DbProtect product.

AppDetectivePRO customers can also update their deployment by launching the "Updater" within the product.

Recent SpiderLabs Blog Posts