We're back and bringing you another TrustKeeper Scan Engine update. This time we've got coverage for 19 new vulnerabilities including coverage for a bunch of Adobe Coldfusion, Microsoft and Wordpress vulns. We've also made some improvements to our web application scanning to better detect cross-site scripting, SQL injection and local and remote file inclusion vulnerabilities.
New Vulnerability Test Highlights
Some of the more interesting vulnerability tests we added recently are as follows:
- Administration Console Access Vulnerability in Adobe ColdFusion (APSB13-10) (CVE-2013-1388)
- ColdFusion Components Access Vulnerability in Adobe ColdFusion (APSB13-19) (CVE-2013-3350)
- Denial of Service Vulnerability in Adobe ColdFusion (APSB12-21) (CVE-2012-2048)
- Denial of Service Vulnerability in Adobe ColdFusion with Adobe JRun (APSB13-19) (CVE-2013-3349)
- Sandbox Restriction Bypass Vulnerability in Adobe ColdFusion (APSB12-26) (CVE-2012-5675)
- User Impersonation Vulnerability in Adobe ColdFusion (APSB13-10) (CVE-2013-1387)
- Denial of Service Vulnerability in Adobe ColdFusion with Microsoft IIS (APSB12-25) (CVE-2012-5674)
- Microsoft DNS Resolver Service Vulnerability (CVE-2012-1194)
- Information Disclosure Vulnerability in Wordpress (CVE-2013-2203)
- Local File Inclusion Vulnerability in Wordpress (CVE-2013-2202)
- Privilege Escalation Vulnerability in Wordpress (CVE-2013-2200)
- Server Side Request Vulnerability in Wordpress (CVE-2013-2199)
How Do I Update My TrustKeeper Scan Engine?
All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.