We're back from a great time in Vegas and Defcon to bring you yet another TrustKeeper Scan Engine update. This time around we're bringing coverage for 12 new vulnerabilities which includes a bunch of coverage for Adobe Coldfusion as well as coverage for a new PHP vulnerability that could result in a denial of service. Tune in next time for more of the same.
New Vulnerability Test Highlights
Some of the more interesting vulnerability tests we added recently are as follows:
Adobe
* Adobe ColdFusion Unspecified Information Disclosure Vulnerability (CVE-2013-3336)
* Adobe ColdFusion Unspecified Remote Code Execution Vulnerability (CVE-2013-1389)
* Multiple Vulnerabilities in Adobe ColdFusion 8.0 (CVE-2011-0629, CVE-2011-2091, CVE-2011-2463, CVE-2011-4368, CVE-2011-0580, CVE-2011-0581, CVE-2011-0582, CVE-2011-0583, CVE-2011-0584, CVE-2011-0735, CVE-2012-0770)
* Multiple Vulnerabilities in Adobe ColdFusion 8.0.1 (CVE-2011-0629, CVE-2011-2091, CVE-2011-2463, CVE-2011-4368, CVE-2011-0580, CVE-2011-0581, CVE-2011-0582, CVE-2011-0583, CVE-2011-0584, CVE-2011-0735, CVE-2012-0770)
* Multiple Vulnerabilities in Adobe ColdFusion 9.0 (CVE-2011-0629, CVE-2011-2091, CVE-2011-2463, CVE-2011-4368, CVE-2011-0580, CVE-2011-0581, CVE-2011-0582, CVE-2011-0583, CVE-2011-0584, CVE-2011-0735, CVE-2012-0770, CVE-2012-1389, CVE-2012-3336)
* Multiple Vulnerabilities in Adobe ColdFusion 9.0.1 (CVE-2011-0629, CVE-2011-2091, CVE-2011-2463, CVE-2011-4368, CVE-2011-0580, CVE-2011-0581, CVE-2011-0582, CVE-2011-0583, CVE-2011-0584, CVE-2011-0735, CVE-2012-0770, CVE-2012-1389, CVE-2012-3336)
* Multiple Vulnerabilities in Adobe ColdFusion 9.0.2 (CVE-2012-1389, CVE-2012-3336)
PHP
* PHP Heap Corruption in XML Parser Vulnerability (CVE-2013-4113)
How to Update?
All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.