Loading...
Security Resources

Software Updates

TrustKeeper Scan Engine Update for June 05, 2020

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!


New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Apache

  • Apache Tomcat session persistence Remote Code Execution Vulnerability (CVE-2020-9484)

ClamAV

cPanel

Drupal

  • Drupal drupal_goto function Open Redirect Vulnerability(SA-CORE-2020-003)
  • Drupal jQuery dom manipulation Cross Site Scripting Vulnerability(SA-CORE-2020-002) (CVE-2020-11023, CVE-2020-11022)

ESXi

Exim

  • Exim deliver.c Improper Validation Vulnerability (Sandworm) (CVE-2019-10149)

Fortinet

  • Fortinet FortiOS Detected
  • Fortinet FortiOS SSL VPN Path Traversal (CVE-2018-13379)

FreeBSD

  • FreeBSD cryptodev Denial of Service Vulnerability (FreeBSD-SA-20:16.cryptodev) (CVE-2019-15880)
  • FreeBSD cryptodev Use-after-free Vulnerability (FreeBSD-SA-20:15.cryptodev) (CVE-2019-15879)
  • FreeBSD Kernel SCTP-AUTH Use-after-free Vulnerability (FreeBSD-SA-20:14.sctp) (CVE-2019-15878)
  • FreeBSD libalias Insufficient Validation Vulnerability (FreeBSD-SA-20:12.libalias) (CVE-2020-7454)
  • FreeBSD libalias Memory Disclosure Vulnerability (FreeBSD-SA-20:13.libalias) (CVE-2020-7455)

ISC

  • ISC BIND DNS Graph Fetch Limit Vulnerability (NXNSAttack) (CVE-2020-8616)
  • ISC BIND tsig.c Crafted Message Vulnerability (CVE-2020-8617)

jQuery

  • JQuery load method Cross Site Scripting Vulnerability (CVE-2020-7656)

MongoDB

  • MongoDB RoleGraph IP Source Address Protection Bypass (CVE-2020-7921)

NTP

  • NTP ntpd mode 3/5 broadcast Denial Of Service Vulnerability (CVE-2018-8956)

OpenVPN

PHP

  • PHP rfc1867.c File Upload Denial-of-Service Vulnerability (CVE-2019-11048)

PostgreSQL

  • PostgreSQL Windows Installer Arbitrary Code Execution Vulnerability (CVE-2020-10733)

Red Hat Enterprise Linux

Ubuntu

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.