Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers – is the security community’s go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Trustwave Web Application Firewall November 2014 signature update now available

We have just released the November 2014 signature update for users of the new Trustwave Web Application Firewall version 7.0.

These new rules help protect users' web applications against malicious traffic targeting the vulnerabilities listed below.

Release Summary

Vulnerability Name

WAF
Version

Rules
Version

Vulnerability Description

Microsoft IIS Tilde Enumeration Vulnerability

7.0

4.34

A vulnerability exists in several versions of Microsoft IIS which an attacker can use to disclose sensitive information from the server and enumerate files and directories.

WordPress TimThumb Plugin Command Injection (CVE-2014-4663)

7.0

4.34

The TimThumb plugin for WordPress prior to version 2.8.14 contains a command injection vulnerability when the WebShot feature is enabled that allows remote attackers to execute operating system commands.

Drupal Core SQL Injection (CVE-2014-3704)

7.0

4.34

A vulnerability in Drupal core 7.x versions prior to 7.32 allows an attacker to send specially crafted requests resulting in arbitrary SQL execution that can lead to privilege escalation, arbitrary PHP execution, or other attacks. This vulnerability can be exploited by anonymous users.

Shellshock (Generic)

7.0

4.34

GNU Bash through 4.3 bash43-030 might allow remote attackers to write to files or possibly have other, unknown impact via a crafted environment variables. This release includes new protections in addition to more generic protections released in the previous update. Related CVEs include CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186 and CVE-2014-7187.

How to Update

No action is required of customers that run version 7.0 of Trustwave Web Application Firewall and subscribe to the online update feature. Their deployments will receive the update automatically.

Note that even if blocking actions are defined for a protected site, simulation mode for this rule is ON by default so that site managers can inspect the impact of new rules before actually blocking relevant traffic. If you would like to activate blocking actions for this rule, you need to update the Actions for this signature in the Policy Manager.

Recent SpiderLabs Blog Posts