Loading...
Security Resources

Software Updates

App Scanner Enterprise Updates for January 2020

**Our Knowledgebase Articles can now be viewed at: https://www3.trustwave.com/support/kb/

===== ===== ===== ===== ===== ==

Web Server Vulnerabilities Updates

===== ===== ===== ===== ===== ==

WordPress Privilege Escalation vulnerability

CVE-2019-20043

WordPress before 5.3.1 allowed an unauthenticated user to make a post sticky through the

REST API because of missing access control in

wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php.

 

WordPress Cross-Site Scripting Vulnerability

CVE-2019-20042

WordPress before 5.3.1 allowed an attacker to create a cross-site scripting attack (XSS) in

well crafted links, because of an insufficient protection mechanism in wp_targeted_link_rel

in wp-includes/formatting.php.

 

WordPress Input Validation Vulnerability

CVE-2019-20041

wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the

HTML5 colon named entity, allowing attackers to bypass input sanitization, as

demonstrated by the javascript: substring.

 

WordPress Cross-Site Scripting Vulnerability

CVE-2019-16781

In WordPress before 5.3.1, authenticated users with lower privileges (like contributors)

can inject JavaScript code in the block editor, which is executed within the dashboard.

It can lead to an admin opening the affected post in the editor leading to XSS.

 

WordPress Cross-Site Scripting Vulnerability

CVE-2019-16780

WordPress users with lower privileges (like contributors) can inject JavaScript code

in the block editor using a specific payload, which is executed within the dashboard.

This can lead to XSS if an admin opens the post in the editor. Execution of this attack

does require an authenticated user. This has been patched in WordPress 5.3.1, along

with all the previous WordPress versions from 3.7 to 5.3 via a minor release.

Automatic updates are enabled by default for minor releases and we strongly

recommend that you keep them enabled.

 

Apache Insecure Transmission of Credentials Vulnerability

CVE-2019-12418

When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured

with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat

process or configuration files is able to manipulate the RMI registry to perform a

man-in-the-middle attack to capture user names and passwords used to access the JMX

interface. The attacker can then use these credentials to access the JMX interface

and gain complete control over the Tomcat instance.

 

Apache Session Fixation Vulnerability

CVE-2019-17563

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29,

8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an

attacker could perform a session fixation attack. The window was considered

too narrow for an exploit to be practical but, erring on the side of caution,

this issue has been treated as a security vulnerability.

 

PHP Information Disclosure Vulnerability

CVE-2019-11050

When PHP EXIF extension is parsing EXIF information from an image, e.g.

via exif_read_data() function, in PHP versions 7.2.x below 7.2.26,

7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data

what will cause it to read past the allocated buffer. This may lead

to information disclosure or crash.

 

PHP Information Disclosure Vulnerability

CVE-2019-11047

When PHP EXIF extension is parsing EXIF information from an image,

e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26,

7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what

will cause it to read past the allocated buffer. This may lead to

information disclosure or crash.

 

PHP Information Disclosure Vulnerability

CVE-2019-11046

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath

extension functions on some systems, including Windows, can be tricked into

reading beyond the allocated space by supplying it with string containing characters

that are identified as numeric by the OS but aren't ASCII numbers. This can read to

disclosure of the content of some memory locations.

 

PHP Improper Null Termination Vulnerability

CVE-2019-11045

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator

class accepts filenames with embedded \0 byte and treats them as terminating at that

byte. This could lead to security vulnerabilities, e.g. in applications checking

paths that the code is allowed to access.

 

PHP Improper Null Termination Vulnerability

CVE-2019-11044

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows,

PHP link() function accepts filenames with embedded \0 byte and treats them as

terminating at that byte. This could lead to security vulnerabilities, e.g. in

applications checking paths that the code is allowed to access.