TrustKeeper Scan Engine Update for February 21, 2020

Written by | Feb 24, 2020 7:38:00 AM

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

ClamAV

ClamAV Data-Loss-Prevention Feature Denial of Service Vulnerability (CVE-2020-3123)

FreeBSD

FreeBSD IPsec Package Reply Vulnerability (FreeBSD-SA-20:02.ipsec) (CVE-2019-5613)
FreeBSD Kernel Stack Data Disclosure Vulnerability (FreeBSD-SA-20:03.thrmisc) (CVE-2019-15875)
FreeBSD libfetch Buffer Overflow Vulnerability (FreeBSD-SA-20:01.libfetch) (CVE-2020-7450)

Joomla

Joomla Core Account Creation Privilege Escalation Vulnerability (20120303) (CVE-2012-1563)
Joomla Core batch actions Cross-Site Request Forgery Vulnerability (20200101) (CVE-2020-8419)
Joomla Core com_actionlogs Cross-Site Scripting Vulnerability (20200103) (CVE-2020-8421)
Joomla Core com_mailto Timeout Bypass Vulnerability (20090723) (CVE-2011-4912)
Joomla Core com_templates Cross-Site Request Forgery Vulnerability (20200102) (CVE-2020-8420)
Joomla Core filter_order SQL Injection Vulnerability (20110201) (CVE-2011-1151)
Joomla Core index.php Cross-Site Scripting Vulnerabilities (20110902) (CVE-2011-3595)
Joomla Core Information Exposure Vulnerability (20111002) (CVE-2011-4937)
Joomla Core JEXEC Path Disclosure Vulnerability (20090722) (CVE-2011-4907)
Joomla Core Password Reset Vulnerability (20120304) (CVE-2012-1562)

Microsoft

Microsoft Exchange Server Elevation of Privilege Vulnerability (2020-Feb) (CVE-2020-0692)
Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability (2020-Feb) (CVE-2020-0688)
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability (2020-Feb) (CVE-2020-0618)
Microsoft Windows February 2020 Security Updates Missing (CVE-2020-0736, CVE-2020-0732, CVE-2020-0709, CVE-2020-0792, CVE-2020-0751, CVE-2020-0716, CVE-2020-0757, CVE-2020-0661, CVE-2018-8267, CVE-2020-0689, CVE-2020-0767, CVE-2020-0756, CVE-2020-0755, CVE-2020-0754, CVE-2020-0753, CVE-2020-0752, CVE-2020-0750, CVE-2020-0749, CVE-2020-0748, CVE-2020-0747, CVE-2020-0746, CVE-2020-0745, CVE-2020-0744, CVE-2020-0743, CVE-2020-0742, CVE-2020-0741, CVE-2020-0740, CVE-2020-0739, CVE-2020-0738, CVE-2020-0737, CVE-2020-0735, CVE-2020-0734, CVE-2020-0731, CVE-2020-0730, CVE-2020-0729, CVE-2020-0728, CVE-2020-0727, CVE-2020-0726, CVE-2020-0725, CVE-2020-0724, CVE-2020-0723, CVE-2020-0722, CVE-2020-0721, CVE-2020-0720, CVE-2020-0719, CVE-2020-0717, CVE-2020-0715, CVE-2020-0714, CVE-2020-0713, CVE-2020-0712, CVE-2020-0711, CVE-2020-0710, CVE-2020-0708, CVE-2020-0707, CVE-2020-0706, CVE-2020-0705, CVE-2020-0704, CVE-2020-0703, CVE-2020-0701, CVE-2020-0698, CVE-2020-0691, CVE-2020-0686, CVE-2020-0685, CVE-2020-0683, CVE-2020-0682, CVE-2020-0681, CVE-2020-0680, CVE-2020-0679, CVE-2020-0678, CVE-2020-0677, CVE-2020-0676, CVE-2020-0675, CVE-2020-0674, CVE-2020-0673, CVE-2020-0672, CVE-2020-0671, CVE-2020-0670, CVE-2020-0669, CVE-2020-0668, CVE-2020-0667, CVE-2020-0666, CVE-2020-0665, CVE-2020-0663, CVE-2020-0662, CVE-2020-0660, CVE-2020-0659, CVE-2020-0658, CVE-2020-0657, CVE-2020-0655)

PHP

PHP fsockopen Improper Input Validation Vulnerability (CVE-2017-7189)

Splunk

Splunk Patch Missing (SP-CAAAH32) (CVE-2013-6772)
Splunk Patch Missing (SP-CAAAHXG) (CVE-2013-0166, CVE-2013-0169, CVE-2013-6773, CVE-2012-6447)

Squid

Squid Proxy Cache ext_lm_group_acl Denial of Service Vulnerability (SQUID-2020:3) (CVE-2020-8517)
Squid Proxy Cache FTP Gateway Information Disclosure Vulnerability (SQUID-2020:2) (CVE-2019-12528)
Squid Proxy Cache HTTP Request Input Validation Vulnerability (SQUID-2020:1) (CVE-2020-8450, CVE-2020-8449)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.

View full post