CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway. Learn More

Request a Demo

CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway. Learn More

Request a Demo
Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

View All Trustwave Services
Solutions
BY INDUSTRY
BY REGULATION
BY TOPIC
Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
We reduce cyber risk and fortify organizations
Awards and Accolades
Recognition by analysts and media outlets
Trustwave SpiderLabs Team
Global researchers, ethical hackers, and responders
Trustwave Fusion Security Operations Platform
Unprecedented security visibility and control
Trustwave Security Colony
Access to cybersecurity threat protection resources
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
Register
Login
Resources
BLOGS
UPCOMING
MEDIA & ASSETS
NOTICES
HELP
Application Security

App Scanner Enterprise Updates for January 2020

January 08, 2020

**Our Knowledgebase Articles can now be viewed at: https://www3.trustwave.com/support/kb/

===== ===== ===== ===== ===== ==

Web Server Vulnerabilities Updates

===== ===== ===== ===== ===== ==

WordPress Privilege Escalation vulnerability

CVE-2019-20043

WordPress before 5.3.1 allowed an unauthenticated user to make a post sticky through the

REST API because of missing access control in

wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php.

 

WordPress Cross-Site Scripting Vulnerability

CVE-2019-20042

WordPress before 5.3.1 allowed an attacker to create a cross-site scripting attack (XSS) in

well crafted links, because of an insufficient protection mechanism in wp_targeted_link_rel

in wp-includes/formatting.php.

 

WordPress Input Validation Vulnerability

CVE-2019-20041

wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the

HTML5 colon named entity, allowing attackers to bypass input sanitization, as

demonstrated by the javascript: substring.

 

WordPress Cross-Site Scripting Vulnerability

CVE-2019-16781

In WordPress before 5.3.1, authenticated users with lower privileges (like contributors)

can inject JavaScript code in the block editor, which is executed within the dashboard.

It can lead to an admin opening the affected post in the editor leading to XSS.

 

WordPress Cross-Site Scripting Vulnerability

CVE-2019-16780

WordPress users with lower privileges (like contributors) can inject JavaScript code

in the block editor using a specific payload, which is executed within the dashboard.

This can lead to XSS if an admin opens the post in the editor. Execution of this attack

does require an authenticated user. This has been patched in WordPress 5.3.1, along

with all the previous WordPress versions from 3.7 to 5.3 via a minor release.

Automatic updates are enabled by default for minor releases and we strongly

recommend that you keep them enabled.

 

Apache Insecure Transmission of Credentials Vulnerability

CVE-2019-12418

When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured

with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat

process or configuration files is able to manipulate the RMI registry to perform a

man-in-the-middle attack to capture user names and passwords used to access the JMX

interface. The attacker can then use these credentials to access the JMX interface

and gain complete control over the Tomcat instance.

 

Apache Session Fixation Vulnerability

CVE-2019-17563

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29,

8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an

attacker could perform a session fixation attack. The window was considered

too narrow for an exploit to be practical but, erring on the side of caution,

this issue has been treated as a security vulnerability.

 

PHP Information Disclosure Vulnerability

CVE-2019-11050

When PHP EXIF extension is parsing EXIF information from an image, e.g.

via exif_read_data() function, in PHP versions 7.2.x below 7.2.26,

7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data

what will cause it to read past the allocated buffer. This may lead

to information disclosure or crash.

 

PHP Information Disclosure Vulnerability

CVE-2019-11047

When PHP EXIF extension is parsing EXIF information from an image,

e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26,

7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what

will cause it to read past the allocated buffer. This may lead to

information disclosure or crash.

 

PHP Information Disclosure Vulnerability

CVE-2019-11046

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath

extension functions on some systems, including Windows, can be tricked into

reading beyond the allocated space by supplying it with string containing characters

that are identified as numeric by the OS but aren't ASCII numbers. This can read to

disclosure of the content of some memory locations.

 

PHP Improper Null Termination Vulnerability

CVE-2019-11045

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator

class accepts filenames with embedded \0 byte and treats them as terminating at that

byte. This could lead to security vulnerabilities, e.g. in applications checking

paths that the code is allowed to access.

 

PHP Improper Null Termination Vulnerability

CVE-2019-11044

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows,

PHP link() function accepts filenames with embedded \0 byte and treats them as

terminating at that byte. This could lead to security vulnerabilities, e.g. in

applications checking paths that the code is allowed to access.

Latest Software Updates

CVT Deployment 1.106.0-1

Summary The latest update to the Fusion scan engine that powers our internal and external vulnerability scanning is now available. Enjoy!

Read More

CVT Deployment 1.107.0-1

Summary The latest update to the Fusion scan engine that powers our internal and external vulnerability scanning is now available. Enjoy!

Read More

Web Application Security – ModSecurity Commercial Rules, Update for March 2024

Overview for rules released by Trustwave SpiderLabs in March for ModSecurity Commercial Rules package. The rules are available for versions 2.9.x and 3.x of ModSecurity.

Read More