Loading...
Security Resources

Software Updates

TrustKeeper Scan Engine Update for November 20, 2019

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!


New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Atlassian Jira

  • Atlassian Jira Inline-create Rest Permissions Bypass (CVE-2018-20826)
  • Atlassian Jira Login.jsp Information Disclosure (CVE-2019-8448)

VMware ESXi

Netgear

  • Netgear Device Web GUI Password Recovery and Exposure (CVE-2017-5521)

Squid

  • Squid HTTP Digest Authentication Information Disclosure Vulnerability (SQUID-2019:11) (CVE-2019-18679)
  • Squid HTTP message processing HTTP Request Splitting Vulnerability (SQUID-2019:10) (CVE-2019-18678)
  • Squid HTTP Request processing Cross-Site Request Forgery Vulnerability (SQUID-2019:9) (CVE-2019-18677)
  • Squid URI processing Multiple Vulnerabilities (SQUID-2019:8) (CVE-2019-18676, CVE-2019-12523)
  • Squid URN processing Heap Overflow Vulnerability (SQUID-2019:7) (CVE-2019-12526)

ISC BIND

  • ISC BIND DHCPv6 Denial Of Service Vulnerability (CVE-2019-6470)

Joomla

  • Joomla com_template Cross-Site Request Forgery (20191001) (CVE-2019-18650)
  • Joomla Path Disclosure in Phpuft8 Mapping Files Vulnerability (20191002) (CVE-2019-18674)

Microsoft

  • Microsoft Exchange Server Remote Code Execution Vulnerability (2019-Nov) (CVE-2019-1373)

ProFTPD

Samba

  • Samba AD DC Broken Password Complexity Vulnerability (CVE-2019-14833)
  • Samba AD DC LDAP Server Get Changes Denial of Service Vulnerability (CVE-2019-14847)
  • Samba libsmbclient Filename Input Validation Vulnerability (CVE-2019-10218)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.