Security Resources

Software Updates

TrustKeeper Scan Engine Update for June 16, 2016


The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:


  • Denial of Service by a memory leak in the WebVPN subsystem in Cisco Adaptive Security Appliance (CVE-2015-0619)
  • Denial of Service due to insufficient validation of DHCPv6 packets in Cisco ASA (CVE-2016-1367)
  • Denial of Service through a memory Leak in the SIP inspection engine for Cisco ASA (CVE-2014-2154)
  • Denial of Service through an Injection Vulnerability in SSL VPN code of Cisco ASA (CVE-2014-3399)
  • Denial of service through mishandles IPsec error processing in Cisco ASA (CVE-2016-1379)
  • Denial of Service through the Secure Real -Time Transport Protocol library in Cisco ASA (CVE-2015-6360)
  • Denial of Service Vulnerability through DHCP6 in Cisco ASA (CVE-2014-2182)
  • Denial of Service Vulnerability through RADIUS in Cisco ASA (CVE-2014-3264)
  • Information Disclosure Vulnerability in Cisco ASA (CVE-2014-2181)
  • VPN Bypass Vulnerability in Cisco ASA (CVE-2014-8023)


  • OpenSSL buffer over-read and Denial of Service via crafted EBCDIC ASN.1 data (CVE-2016-2176)
  • OpenSSL Denial of Service via short invalid encoding (CVE-2016-2109)
  • OpenSSL EVP_EncodeUpdate overflow (CVE-2016-2105)
  • OpenSSL EVP_EncryptUpdate overflow (CVE-2016-2106)
  • OpenSSL negative zero memory corruption can cause Denial Of Service (CVE-2016-2108)
  • OpenSSL padding-oracle attack against an AES CBC session could lead to successful Man-in-the-middle (CVE-2016-2107)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.