Loading...
Security Resources

Software Updates

TrustKeeper Scan Engine Update for October 11, 2021

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!


New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Apache

  • Apache HTTP Server httpd core NULL Pointer Dereference Vulnerability (CVE-2021-34798)
  • Apache HTTP Server mod_proxy Server-Side Request Forgery Vulnerability (CVE-2021-40438)
  • Apache HTTP Server mod_proxy_uwsgi Out Of Bound Read Vulnerability (CVE-2021-36160)
  • Apache Tomcat NIO OpenSSL Denial of Service Vulnerability (CVE-2021-41079)

Atlassian Jira

  • Atlassian Jira Email Template Code Injection Vulnerability (CVE-2021-39128)
  • Atlassian Jira gadget endpoint Denial of Service Vulnerability (CVE-2021-39123)
  • Atlassian Jira GIF Reader Denial of Service Vulnerability (CVE-2021-39116)
  • Atlassian Jira password reset page Username Enumeration Vulnerability (CVE-2021-39125)
  • Atlassian Jira private projects Information Disclosure Vulnerability (CVE-2021-39121)
  • Atlassian Jira render API endpoint Enumeration Vulnerability (CVE-2021-39118)
  • Atlassian Jira replay crafted request Cross-Site Request Forgery Vulnerability (CVE-2021-39124)
  • Atlassian Jira restapi search Information Disclosure Vulnerability (CVE-2021-39122)
  • Atlassian Jira whitelist endpoint Broken Access Control Vulnerability (CVE-2019-20101)

Adobe

CentOS

Debian

Drupal

  • Drupal Core HTTP APIs Acess Bypass Vulnerability (SA-CORE-2021-008) (CVE-2020-13675)
  • Drupal Core JSON:API Acess Bypass Vulnerability (SA-CORE-2021-010) (CVE-2020-13677)
  • Drupal Core Media Cross Site Request Forgery (SA-CORE-2021-006) (CVE-2020-13673)
  • Drupal Core QuickEdit Acess Bypass Vulnerability (SA-CORE-2021-009) (CVE-2020-13676)
  • Drupal Core QuickEdit Cross Site Request Forgery (SA-CORE-2021-007) (CVE-2020-13674)

Fedora

FreeBSD

Microsoft

Oracle

  • Oracle WebLogic Server Console JNDI Injection Vulnerability (CVE-2021-2109) (CVE-2021-2109)
  • Oracle WebLogic Server Console Remote Code Execution Vulnerability (CVE-2020-14882) (CVE-2020-14882)

Red Hat (Credentialed Checks)

Ubuntu (Credentialed Checks)

WordPress

  • WordPress block editor Information Disclosure Vulnerability (CVE-2021-39203)
  • WordPress Custom HTML Cross-Site Scripting Vulnerability (CVE-2021-39202)
  • WordPress unfiltered_html Cross-Site Scripting Vulnerability (CVE-2021-39201)
  • WordPress wp_die() Information Disclosure Vulnerability (CVE-2021-39200)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.