TrustKeeper Scan Engine Update for March 11, 2021

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Apache

• Apache Tomcat h2c Request Mix-Up Vulnerability (CVE-2021-25122)
• Apache Tomcat session persistence Remote Code Execution Vulnerability (CVE-2021-25329) (CVE-2021-25329)

Atlassian Jira

• Atlassian Jira Pre-authorization File Read Vulnerability (CVE-2020-29453)

Microsoft

• Microsoft Exchange Server Server-Side Request Forgery Active Check (CVE-2021-26855) (CVE-2021-26855)
• Microsoft Exchange Server Multiple Vulnerabilities (2021-March) (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-26412, CVE-2021-26854, CVE-2021-27078)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.