Loading...
Security Resources

Software Updates

TrustKeeper Scan Engine Update for December 18, 2020

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!


New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Apache

  • Apache Tomcat HTTP/2 Request Mix-Up Vulnerability (CVE-2020-17527) (CVE-2020-17527)

Atlassian Jira

  • Atlassian Jira Automation Template Injection Vulnerability (CVE-2020-14193)

Debian

FreeBSD

  • FreeBSD ICMPv6 Use-after-free Vulnerability (FreeBSD-SA-20:31.icmp6) (CVE-2020-7469)
  • FreeBSD OpenSSL NULL pointer de-reference Vulnerability (FreeBSD-SA-20:33.openssl) (CVE-2020-1971)
  • FreeBSD rtsold Multiple Vulnerabilities (FreeBSD-SA-20:32.rtsold) (CVE-2020-25577)

Microsoft

MongoDB

  • MongoDB $elemMatch Crafted Query Denial of Service (CVE-2018-20805)
  • MongoDB $lookup Denial of Service Vulnerability (CVE-2019-2393)
  • MongoDB $mod Operator Denial of Service Vulnerability (CVE-2019-2392)
  • MongoDB applyOps Crafted Invocation Denial of Service (CVE-2018-20804)
  • MongoDB Compressor Manager Denial of Service Vulnerability (CVE-2019-20925)
  • MongoDB IndexBoundsBuilder Denial of Service Vulnerability (CVE-2019-20924)
  • MongoDB Javascript Denial of Service Vulnerability (CVE-2019-20923)
  • MongoDB Memory Read Overrun Vulnerability (CVE-2020-7928)
  • MongoDB Name Parser Denial of Service Vulnerability (CVE-2020-7925)
  • MongoDB Process Loop Denial of Service Vulnerability (CVE-2018-20803)
  • MongoDB QueryPlanner Crafted Query Denial of Service (CVE-2018-20802)
  • MongoDB Server Selection Crafted Query Denial of Service (CVE-2020-7926)

OpenSSL

  • OpenSSL EDIPartyName NULL Pointer Dereference (CVE-2020-1971) (CVE-2020-1971)

Red Hat (Credentialed Checks)

Ubuntu (Credentialed Checks)

cPanel

SolarWind

  • SolarWinds Orion SUNBURST malware

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.