Summary
The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!
New Vulnerability Test Highlights
Some of the more interesting vulnerability tests we added recently are as follows:
cPanel
- cPanel Multiple Vulnerabilities (TSR-2018-0001)
Drupal
HTTP/2
- Cleartext connections allowed over HTTP/2
ISC Bind
- ISC Bind improper fetch cleanup sequencing Denial of Service (AA-01542) (CVE-2017-3145)
Oracle
- Oracle Database CPU January 2018 (CVE-2017-10282, CVE-2017-12617, CVE-2018-2575, CVE-2018-2680)
- Oracle MySQL January 2018 CPU Multiple Vulnerabilities (CVE-2018-2703, CVE-2018-2696, CVE-2018-2668, CVE-2018-2667, CVE-2018-2665, CVE-2018-2647, CVE-2018-2646, CVE-2018-2645, CVE-2018-2640, CVE-2018-2622, CVE-2018-2612, CVE-2018-2600, CVE-2018-2590, CVE-2018-2586, CVE-2018-2583, CVE-2018-2576, CVE-2018-2573, CVE-2018-2565, CVE-2017-3737, CVE-2018-2591, CVE-2018-2562)
- Oracle Solaris OS January 2018 CPU (CVE-2018-2560, CVE-2018-2577, CVE-2018-2717, CVE-2018-2578, CVE-2018-2710)
- Oracle Weblogic Server CPU January 2018 (CVE-2017-10352, CVE-2018-2625, CVE-2017-5645)
PfSense
- PfSense Base System Arbitrary Code Execution (pfSense-SA-17_10)
- PfSense status_filter_reload.php Cross-Site Scripting vulnerability (pfSense-SA-17_11)
Squid
- Squid ESI Response processing Denial of Service (SQUID-2018:1)
- Squid HTTP Message processing Denial of Service (SQUID-2018:2)
How to Update?
All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.