The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. A highlight of the update is an additional check for the recently disclosed Shellshock vulnerability in GNU Bash (CVE-2014-6271) via the Pure-FTPd vector. Total, this release includes five new checks with coverage for more than a dozen vulnerabilities.
New Vulnerability Test Highlights
Some of the more interesting vulnerability tests we added recently are as follows:
- Joomla! Host Header Cross Site Scripting Vulnerability (CVE-2012-3828)
- Joomla! Host Header Installation Path Disclosure Vulnerability (CVE-2012-3829)
- Oracle Database July 2014 (CVE-2013-3751, CVE-2013-3774, CVE-2014-4236, CVE-2014-4237, CVE-2014-4245)
- Oracle MySQL July 2014 CPU (CVE-2014-2484, CVE-2014-4258, CVE-2014-4260, CVE-2014-2494, CVE-2014-4238, CVE-2014-4207, CVE-2014-4233, CVE-2014-4240, CVE-2014-4214, CVE-2014-4243)
How to Update?
All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.