Summary
The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!
New Vulnerability Test Highlights
Some of the more interesting vulnerability tests we added recently are as follows:
Apache
- Apache Tomcat AJP Request Injection Vulnerability (Ghostcat) (CVE-2020-1938)
- Apache Tomcat end-of-line HTTP Request Smuggling Vulnerability (CVE-2020-1935)
- Apache Tomcat Regression HTTP Request Smuggling Vulnerability (CVE-2019-17569)
Fortinet
OpenVPN
- OpenVPN Access Server LDAP Authentication Bypass Vulnerability (CVE-2020-8953)
Pulse Secure Connect
- Pulse Connect Secure Web Interface Command Injection (SA44101) (CVE-2019-11539)
PHP
- PHP mbfl_filt_conv_big5_wchar Function Buffer Overflow Vulnerability (CVE-2020-7060)
- PHP php_strip_tags_ex Function Out-of-Bounds Read Vulnerability (CVE-2020-7059)
- PHP Post Handler add_post_var Use After Free Vulnerability (CVE-2014-3622)
PostgreSQL
- PostgreSQL ALTER ... DEPENDS ON EXTENSION Missing Authentication (CVE-2020-1720)
cPanel
- cPanel clientconf.html and detailbw.html Pages Cross Site Scripting Vulnerability (CVE-2012-6449)
How to Update?
All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.