TrustKeeper Scan Engine Update for April 04, 2018

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Cisco

• Cisco IOS Smart Install Client Remote Code Execution Vulnerability (cisco-sa-20180328-smi2 and CSCvg76186) ( CVE-2018-0171)

cPanel

• cPanel Multiple Vulnerabilities (TSR-2018-0002)

Drupal

• Drupal Core Lack of HTTP Header Validation (SA-CORE-2016-003) ( CVE-2016-5385)
• Drupal Core Multiple Vulnerabilities (SA-CORE-2018-001) ( CVE-2017-6932, CVE-2017-6931, CVE-2017-6930, CVE-2017-6929, CVE-2017-6928, CVE-2017-6927, CVE-2017-6926)
• Drupal Core Open Redirect (SA-CORE-2015-004) ( CVE-2015-7943)
• Drupal Core Remote Code Execution (SA-CORE-2018-002) ( CVE-2018-7600)

Microsoft

• Microsoft Exchange Server Outlook Web App (OWA) Elevation of Privilege Vulnerability (2018-Mar) ( CVE-2018-0940)
• Microsoft Exchange Server Outlook Web App (OWA) Information Disclosure Vulnerability (2018-Mar - CVE-2018-0941) ( CVE-2018-0941)
• Microsoft Exchange Server Outlook Web App (OWA) Information Disclosure Vulnerability (2018-Mar) ( CVE-2018-0924)

OpenSSL

• OpenSSL Broken Implementation of CRYPTO_memcmp on HP-UX/PA-RISC (SecAdv 20180327) ( CVE-2018-0733)
• OpenSSL Recursive ASN.1 Types DoS (SecAdv 20180327) ( CVE-2018-0739)

PostgreSQL

• PostgreSQL uncontrolled search path element in pg_dump and other client applications (Security Update 2018-03-01) ( CVE-2018-1058)

WordPress

• Wordpress Plugin Askimet Stored Cross-site Scripting

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.