Loading...
Security Resources

Software Updates

TrustKeeper Scan Engine Update for September 18, 2019

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Coverage for the recent Exim RCE vulnerability (CVE-2019-15846) is included. Enjoy!


New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Exim

  • Exim TLS Privileged Remote Code Execution Vulnerability (CVE-2019-15846)

Microsoft

  • Microsoft Exchange Server Denial of Service Vulnerability (2019-Sep) (CVE-2019-1233)
  • Microsoft Exchange Server Spoofing Vulnerability (2019-Sep) (CVE-2019-1266)

MongoDB

  • MongoDB Authentication Denial of Service Vulnerability (SERVER-24378) (CVE-2016-3104)
  • MongoDB LDAP Improper Authentication Vulnerability (SERVER-20691) (CVE-2015-7882)
  • MongoDB Malformed BSON Denial of Service Vulnerability (SERVER-17264) (CVE-2015-1609)
  • MongoDB Mongo Shell History File Information Leak Vulnerability (SERVER-25335) (CVE-2016-6494)
  • MongoDB Packaged Unix System V Init Scripts Denial of Service Vulnerability (SERVER-40563) (CVE-2019-2389)
  • MongoDB Remote Denial of Service Vulnerability (SERVER-17521) (CVE-2015-2705)
  • MongoDB Server User Session Reuse Vulnerability (SERVER-38984) (CVE-2019-2386)
  • MongoDB Snappy Library functions Multiple vulnerabilities (SERVER-31273) (CVE-2017-15535)
  • MongoDB Windows Package Dependencies Improper Handling of Privileges Vulnerability (SERVER-42233) (CVE-2019-2390)
  • MongoDB WiredTiger Log Path Traversal Vulnerability (WT-2711) (CVE-2017-12926)

OpenSSL

  • OpenSSL ECDSA Remote Timing Attack Vulnerability (CVE-2019-1547)
  • OpenSSL PKCS7_dataDecode and CMS_decrypt_set1_pkey Padding Oracle Vulnerabilities (CVE-2019-1563)
  • OpenSSL Shared RNG State Vulnerability (CVE-2019-1549)

Samba

  • Samba SMB Server Access Control Bypass Vulnerability (CVE-2019-10197)

WordPress

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.