Security Resources

Software Updates

TrustKeeper Scan Engine Update - March 22, 2013

Remember two weeks ago when we said it was almost time for Spring? Well, it's certainly not that time here in Chicago. It's more winter than ever with even more on the horizon. Hopefully someone somewhere is warm.

In any case, today is the time for the release of the most recent update to the TrustKeeper scan engine. We've included 7 new vulnerability tests that include tests for Apache, PHP and Cisco. This update also contains a whole bunch of improvements to current tests and many other improvements to the engine itself. Enjoy!

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

* Apache HTTP Server XSS Vulnerabilities via Hostnames (CVE-2012-3499, CVE-2012-4558)

* Cisco UCM SIP Processing Memory Leak DoS (CSCtl86047) (CVE-2011-2072)

* PHP GENERATE_SEED() Weak Random Number Seed Vulnerability (CVE-2008-2107, CVE-2008-2108)
* PHP rand and mt_rand Function Weaknesses (CVE-2008-4107)
* PHP SOAP Extension open basedir Read Restriction Bypass (CVE-2013-1643)
* PHP SOAP Extension open basedir Write Restriction Bypass (CVE-2013-1635)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.