Security Resources

Software Updates

TrustKeeper Scan Engine Update for April 04, 2018

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Cisco

  • Cisco IOS Smart Install Client Remote Code Execution Vulnerability (cisco-sa-20180328-smi2 and CSCvg76186) ( CVE-2018-0171)

cPanel

  • cPanel Multiple Vulnerabilities (TSR-2018-0002)

Drupal

Microsoft

  • Microsoft Exchange Server Outlook Web App (OWA) Elevation of Privilege Vulnerability (2018-Mar) ( CVE-2018-0940)
  • Microsoft Exchange Server Outlook Web App (OWA) Information Disclosure Vulnerability (2018-Mar - CVE-2018-0941) ( CVE-2018-0941)
  • Microsoft Exchange Server Outlook Web App (OWA) Information Disclosure Vulnerability (2018-Mar) ( CVE-2018-0924)

OpenSSL

  • OpenSSL Broken Implementation of CRYPTO_memcmp on HP-UX/PA-RISC (SecAdv 20180327) ( CVE-2018-0733)
  • OpenSSL Recursive ASN.1 Types DoS (SecAdv 20180327) ( CVE-2018-0739)

PostgreSQL

  • PostgreSQL uncontrolled search path element in pg_dump and other client applications (Security Update 2018-03-01) ( CVE-2018-1058)

WordPress

  • Wordpress Plugin Askimet Stored Cross-site Scripting

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.