Loading...
Security Resources

Software Updates

TrustKeeper Scan Engine Update for November 20, 2020

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!


New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Atlassian Jira

  • Atlassian Jira ActionsAndOperations Issue Key Enumeration (CVE-2020-14185)
  • Atlassian Jira Issue Filter Export File Cross-Site Scripting (CVE-2020-14184)

Cisco

  • Cisco Adaptive Security Appliance Software SSL/TLS Denial of Service Vulnerability (cisco-sa-asa-ssl-dos-7uZWwSEy and CSCvt64822) (CVE-2020-27124)
  • Cisco ASA Bleichenbacher Attack Vulnerability (cisco-sa-asaftd-tls-bb-2g9uWkP) (CVE-2020-3585)
  • Cisco ASA Denial of Service Vulnerability (cisco-sa-asaftd-dos-QFcNEPfx) (CVE-2020-3554)
  • Cisco ASA FTP Inspection Bypass Vulnerability (cisco-sa-asaftd-ftpbypass-HY3UTxYu) (CVE-2020-3564)
  • Cisco ASA IP Fragment Memory Leak Vulnerability (cisco-sa-asaftd-frag-memleak-mCtqdP9n) (CVE-2020-3373)
  • Cisco ASA SIP Denial of Service Vulnerability (cisco-sa-asaftd-sipdos-3DGvdjvg) (CVE-2020-3555)
  • Cisco ASA SSL/TLS Session Denial of Service Vulnerability (cisco-sa-asa-ftd-tcp-dos-N3DMnU4T) (CVE-2020-3572)
  • Cisco ASA Web Services File Upload Denial of Service Vulnerability (cisco-sa-asaftd-fileup-dos-zvC7wtys) (CVE-2020-3436)
  • Cisco ASA Web-Based Management Interface Reflected Cross-Site Scripting Vulnerability (cisco-sa-asa-rxss-L54Htxp) (CVE-2020-3599)
  • Cisco ASA WebVPN CRLF Injection Vulnerability (cisco-sa-asa-ftd-crlf-inj-BX9uRwSn) (CVE-2020-3561)
  • Cisco ASA-FXOS Software Command Injection Vulnerability (cisco-sa-fxos-cmdinj-pqZvmXCr) (CVE-2020-3457)

Debian (Credentialed Checks)

Microsoft

Oracle

  • Oracle WebLogic Patch Bypass Remote Command Execution (CVE-2020-14750)

Red Hat (Credentialed Checks)

Samba

Ubuntu (Credentialed Checks)

WordPress

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.