TrustKeeper Scan Engine Update for October 02, 2019

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently include 2 remote code execution vulnerability checks for Exim and vBulletin, as well as 5 additional vulnerability checks for PHP, PhpMyAdmin, VMware and Webmin.

Exim

• Exim string_vformat Heap Buffer Overflow Vulnerability (CVE-2019-16928)

PHP

• PHP EXIF Extension Function exif_read_data Heap Buffer Overflow Vulnerabilities (CVE-2019-11041, CVE-2019-11042)

PhpMyAdmin

• PhpMyAdmin setup page Cross-Site Request Forgery Vulnerability (CVE-2019-12922)

vBulletin

• vBulletin widgetConfig Code Injection Vulnerability (CVE-2019-16759)

VMware

• Missing VMware ESXi Patches (VMSA-2019-0013, VMSA-2019-0014) (CVE-2019-5535, CVE-2019-5527, CVE-2019-5534, CVE-2019-5532, CVE-2019-5531, CVE-2017-16544)

Webmin

• Webmin rpc.cgi Authenticated Eval Remote Code Execution Vulnerability (CVE-2019-15642)
• Webmin xmlrpc.cgi Authenticated XML External Entity Vulnerability (CVE-2019-15641)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.