The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Highlights of the release include seven new checks for 16 vulnerabilities and added support for Elasticsearch.
New Vulnerability Test Highlights
- Elasticsearch Insecure Defaults (CVE-2014-3120)
- Oracle Solaris October 2014 Update Multiple Vulnerabilities (CVE-2014-4275, CVE-2014-4276, CVE-2014-4277, CVE-2014-4280, CVE-2014-4282, CVE-2014-4283, CVE-2014-4284, CVE-2014-6470, CVE-2014-6473, CVE-2014-6490, CVE-2014-6497, CVE-2014-6501, CVE-2014-6508, CVE-2014-6529)
- PHP exif_thumbnail Heap Corruption Vulnerability (CVE-2014-3670)
- PHP mkgmtime Denial of Service Vulnerability (CVE-2014-3668)
- PHP readelf.c Denial of Service Vulnerability (CVE-2014-3710)
- PHP Unserialize Integer Overflow Vulnerability (CVE-2014-3669)
How to Update?
All Trustwave customers using the TrustKeeper scan engine receive the updates automatically as soon as an update is available. No action is required.