Security Resources

Software Updates

Trustwave App Scanner Updates for June 2019

Our Knowledgebase Articles can now be viewed at: https://www3.trustwave.com/support/kb/

==================================
Web Server Vulnerabilities Updates
==================================
Apache Tomcat Cross-Site Scripting Vulnerability
The SSI printenv command in Apache Tomcat 9.0.0.M1 to, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.
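The entry above turns on two facts a defender can verify locally: whether SSI is enabled at all in conf/web.xml, and whether the running build falls inside one of the affected ranges. The following audit script is an added example, not Trustwave's scanner code or Tomcat project code. It assumes the real Tomcat SSI class names org.apache.catalina.ssi.SSIServlet and org.apache.catalina.ssi.SSIFilter, and the web.xml fragments in it are constructed samples. Only the 7.0.x and 8.5.x ranges stated above are encoded; the 9.0.x upper bound is not given in this bulletin, so 9.0.x builds are reported as "needs review" rather than guessed.

```python
"""Audit a Tomcat instance for exposure to the SSI printenv XSS described above.

Check 1: is the SSI servlet or SSI filter actively declared in conf/web.xml
        (commented-out declarations, as shipped by default, do not count)?
Check 2: does the Tomcat version fall inside an affected range from the bulletin?
"""
import re
import xml.etree.ElementTree as ET
from typing import List, Optional

# Tomcat's SSI implementation classes (real identifiers).
SSI_CLASSES = {
    "org.apache.catalina.ssi.SSIServlet",
    "org.apache.catalina.ssi.SSIFilter",
}

# Affected ranges exactly as stated in the bulletin. The 9.0.x range is given
# there without an upper bound, so it is deliberately not encoded here.
AFFECTED_RANGES = [
    ((8, 5, 0), (8, 5, 39)),
    ((7, 0, 0), (7, 0, 93)),
]

# Constructed sample: servlet commented out (default), but the filter enabled.
WEAK_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <!--
  <servlet>
    <servlet-name>ssi</servlet-name>
    <servlet-class>org.apache.catalina.ssi.SSIServlet</servlet-class>
  </servlet>
  -->
  <filter>
    <filter-name>ssi</filter-name>
    <filter-class>org.apache.catalina.ssi.SSIFilter</filter-class>
  </filter>
</web-app>
"""

# Constructed sample of the corrected file: the filter is commented out too.
HARDENED_WEB_XML = WEAK_WEB_XML.replace("<filter>", "<!--\n  <filter>").replace(
    "</filter>", "</filter>\n  -->"
)


def parse_version(version: str) -> tuple:
    """Turn '8.5.39' or '9.0.0.M1' into (8, 5, 39) / (9, 0, 0)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:\.M\d+)?", version.strip())
    if not m:
        raise ValueError(f"unparseable Tomcat version: {version!r}")
    return tuple(int(x) for x in m.groups())


def version_is_affected(version: str) -> Optional[bool]:
    """True/False for the 7.0.x and 8.5.x ranges; None for 9.0.x, whose
    upper bound this bulletin does not state (consult the vendor advisory)."""
    v = parse_version(version)
    if v[:2] == (9, 0):
        return None
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def ssi_enabled(web_xml_text: str) -> List[str]:
    """Return SSI classes that are live declarations in web.xml.
    ElementTree drops XML comments while parsing, so commented-out
    servlet/filter blocks are correctly ignored."""
    root = ET.fromstring(web_xml_text)
    found = []
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]  # strip the Java EE namespace
        text = (el.text or "").strip()
        if tag in ("servlet-class", "filter-class") and text in SSI_CLASSES:
            found.append(text)
    return found


def assess(version: str, web_xml_text: str) -> dict:
    """Combine both checks into a verdict for one Tomcat instance."""
    enabled = ssi_enabled(web_xml_text)
    affected = version_is_affected(version)
    return {
        "ssi_enabled": enabled,
        "version_affected": affected,
        # Exposed only when SSI is actually on AND the version is in a stated range.
        "exposed": bool(enabled) and affected is True,
        # SSI on, but version range not determinable from this bulletin.
        "needs_review": bool(enabled) and affected is None,
    }


if __name__ == "__main__":
    for ver, xml in [("8.5.39", WEAK_WEB_XML), ("8.5.40", WEAK_WEB_XML),
                     ("9.0.0.M1", WEAK_WEB_XML), ("7.0.93", HARDENED_WEB_XML)]:
        print(ver, assess(ver, xml))
```

The most useful outcome is usually not the version comparison but the first check: since SSI is off by default, a live SSIServlet or SSIFilter declaration is itself worth a ticket, and removing it closes the printenv exposure regardless of whether the patch has been applied yet.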

WordPress Path Disclosure Vulnerability
WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring.

IBM WebSphere Remote Code Execution Vulnerability
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445.

Oracle WebLogic Server Remote Code Execution Vulnerability
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are and Easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.

Engine: 1000.0.102 and 1001.0.40.