Loading...
Security Resources

Software Updates

Trustwave App Scanner Updates for September 5, 2018

Auto updates 8.6 and 8.7 are now available

 

===== ===== ===== ===== ===== ==

Web Server Vulnerabilities Updates

===== ===== ===== ===== ===== ==

 

PHP Path Disclosure Vulnerability

CVE-2018-15132

 

An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories.

 

Drupal Web Cache Poisoning Vulnerability

CVE-2018-14773

 

The Drupal project uses the Symfony library. An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a (legacy) IIS header that lets users override the path in the request URL via the X-Original-URL or X-Rewrite-URL HTTP request header. These headers are designed for IIS support, but it's not verified that

the server is in fact running IIS, which means anybody who can send these requests

to an application can trigger this. This affects

\Symfony\Component\HttpFoundation\Request::prepareRequestUri() where X-Original-URL

and X_REWRITE_URL are both used. The fix drops support for these methods so that they  cannot be used as attack vectors such as web cache poisoning.

 

PHP Denial of Service Vulnerability

CVE-2018-14884

 

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is

mishandled in an atoi call.

 

PHP Integer Overflow Vulnerability

CVE-2018-14883

 

An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.

 

PHP Denial of Service Vulnerability

CVE-2018-14851

 

exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service

(out-of-bounds read and application crash) via a crafted JPEG file.

 

PHP Denial of Service Vulnerability

CVE-2017-9120

 

PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an

Integer overflow in mysqli_real_escape_string.

 

PHP Denial of Service Vulnerability

CVE-2017-9118

 

PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.

 

Apache Cross User Information Disclosure Vulnerability

CVE-2018-8037

 

If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request

was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31.

 

Apache Denial of Service Vulnerability

CVE-2018-1336

 

An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.

 

Apache HTTP Server CRLF Injection Vulnerability

CVE-2016-4975

 

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache

HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).

 

Oracle WebLogic Server Remote Code Execution Vulnerability

CVE-2018-2933

 

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is

in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of

Oracle WebLogic Server accessible data. Note: Please refer to MOS document.

 

Apache Security Bypass Vulnerability

CVE-2018-8034

 

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.

 

===== ===== ===== =====

SmartAttack Updates 

===== ===== ===== =====

 

Windows Command Injection

The smart attack is enhanced to detect Struts Vulnerability CVE-2018-11776.

 

Unix Command Injection

The smart attack is enhanced to detect Struts Vulnerability CVE-2018-11776.

 

===== ===== ===== =====

Manual update instructions

 

Trustwave App Scanner customers with auto update enabled receive updates automatically and need not take any action. Customers who manually update their products or services will need to download the appropriate manual update file for their version of Trustwave App Scanner:

 

1. Log in to your account at https://login.trustwave.com

 

2. Click on the support tab

 

3. Click on "File Library" in the sub-menu

 

4. Navigate to the path "private/AppScanner/Manual Update" and download the appropriate file

 

5. Follow the instructions appropriate to the product you use:

 

Trustwave App Scanner Desktop (formerly Cenzic Desktop (Pro))

 

1. Double click on the manual updater .exe file

 

2. Click the install button to extract the executable

 

a. You can specify any path on the local drive

 

b. It will extract a folder named "Manualupdate_(x)" where x is the auto update number

 

3. Open the folder and double click on the InstallUpdates.bat file to perform the library update

 

4. Log into Trustwave App Scanner and go to Help > Check for Updates

 

a. If the system update is present, a pop up will appear stating that Trustwave App Scanner needs to close down

 

b. Click OK

 

5. Restart Trustwave App Scanner to get the updates and log back in to receive the latest updates

 

Trustwave App Scanner Enterprise (formerly Cenzic Enterprise (ARC))

 

1. Download the .exe file onto the machine that has Trustwave App Scanner Enterprise installed on it and double click the file

 

2. Click the install button to extract the executable

 

a. You can specify any path on the local drive

 

b. It will extract a folder named "Manualupdate_(x)" where x is the auto update number

 

3. Open the folder and double click on the InstallUpdates.bat file to perform the library update

 

4. Once Manual Updater exits, restart the Enterprise Execution Engine through the Configuration Utility at Start > Programs > Cenzic > Configuration Utility > Local Service Tab > Enterprise Execution Engine and restart the service

 

5. Log into Trustwave App Scanner Enterprise using the administrative account

 

6. If you see any "System Updates Available" message at the top of the page, go to Administration > Server Settings > System Updates

 

7. Click on Apply System Updates