Loading...
Security Resources

Software Updates

TrustKeeper Scan Engine Update - October 3, 2013

We're back and bringing you another TrustKeeper Scan Engine update. This time we've got coverage for 19 new vulnerabilities including coverage for a bunch of Adobe Coldfusion, Microsoft and Wordpress vulns. We've also made some improvements to our web application scanning to better detect cross-site scripting, SQL injection and local and remote file inclusion vulnerabilities.

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Adobe

    • Administration Console Access Vulnerability in Adobe ColdFusion (APSB13-10) (CVE-2013-1388)

 

    • ColdFusion Components Access Vulnerability in Adobe ColdFusion (APSB13-19) (CVE-2013-3350)

 

    • Denial of Service Vulnerability in Adobe ColdFusion (APSB12-21) (CVE-2012-2048)

 

    • Denial of Service Vulnerability in Adobe ColdFusion with Adobe JRun (APSB13-19) (CVE-2013-3349)

 

    • Sandbox Restriction Bypass Vulnerability in Adobe ColdFusion (APSB12-26) (CVE-2012-5675)

 

  • User Impersonation Vulnerability in Adobe ColdFusion (APSB13-10) (CVE-2013-1387)

Microsoft

    • Denial of Service Vulnerability in Adobe ColdFusion with Microsoft IIS (APSB12-25) (CVE-2012-5674)

 

Wordpress

    • Information Disclosure Vulnerability in Wordpress (CVE-2013-2203)

 

    • Local File Inclusion Vulnerability in Wordpress (CVE-2013-2202)

 

    • Privilege Escalation Vulnerability in Wordpress (CVE-2013-2200)

 

How Do I Update My TrustKeeper Scan Engine?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.