Security Resources

Software Updates

TrustKeeper Scan Engine Update for November 21, 2018

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!


New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Apache

  • PHP Apache2 component (sapi_apache2.c) Cross-Site Scripting Vulnerability (CVE-2018-17082)

Atlassian Jira

  • Atlassian Jira Multiple Cross-site Scripting Vulnerabilities through Epic Color field (CVE-2018-13395)
  • Atlassian Jira ProfileLinkUserFormat component Information Leak (CVE-2018-13391)

ClamAV

cPanel

  • cPanel frontend/THEME/raw/index.html Cross-site Scripting Vulnerability (CVE-2018-16236)

VMware

Nginx

PhpMyAdmin

  • PhpMyAdmin File Import (Sql.php) Cross-site Scripting Vulnerability (PMASA-2018-5) (CVE-2018-15605)

PostgreSQL

  • PostgreSQL pg_upgrade and pg_dump SQL Injection Vulnerability (CVE-2018-16850)

DoublePulsar Backdoor

  • SMB DoublePulsar Backdoor

OpenSSL

  • OpenSSL DSA Signature Generation Timing Vulnerability (CVE-2018-0734)
  • OpenSSL ECC Scalar Multiplication Microarchitecture Timing Vulnerability (CVE-2018-5407)
  • OpenSSL ECDSA Signature Generation Timing Vulnerability (CVE-2018-0735)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.