The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available.

This week we've included 7 new vulnerabilities, which relate to FreeBSD and generic web application misconfiguration issues.

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

FreeBSD

• FreeBSD Kernel Memory Disclosure Vulnerability in setlogin/getlogin (FreeBSD-SA-14:25.setlogin) (CVE-2014-8476)
• FreeBSD namei Kernel Memory Disclosure Vulnerability (FreeBSD-SA-14:22.namei) (CVE-2014-3711)
• FreeBSD routed Remote Denial of Service Vulnerability (FreeBSD-SA-14:21.routed) (CVE-2014-3955)
• FreeBSD rtsold Remote Buffer Overflow Vulnerability (FreeBSD-SA-14:20.rtsold) (CVE-2014-3954)
• FreeBSD sshd Denial of Service Vulnerability (FreeBSD-SA-14:24.sshd) (CVE-2014-8475)

Generic

• Information disclosure via sitemap.xml
• Non-Secure Session Cookies Identified

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.