Trustwave Web Application Firewall 4.59

Trustwave SpiderLabs is pleased to announce the release of CorSigs version 4.59 for Trustwave Web Application Firewall (WAF) versions 8.5 and 9.0. These rules are written to detect attacks or classes of attacks on web applications and their components.

Release Summary

This release includes the following new signatures:

  • (2500017) WordPress Plugin Support Board 1.2.3 XSS
    The Support Board 1.2.3 plugin for WordPress allows a remote user to inject arbitrary script via the vulnerable parameter.
  • (2500018) Joomla! Component JE Photo Gallery 1.1 SQLi
    The JE Photo Gallery 1.1 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • (2500019) Joomla! Component J-CruisePortal 6.0.4 SQLi
    The J-CruisePortal 6.0.4 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • (2500020) Joomla! Component JMultipleHotelReservation 6.0.7 SQLi
    The JMultipleHotelReservation 6.0.7 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • (2500021) Joomla! Component J-ClassifiedsManager 3.0.5 SQLi
    The J-ClassifiedsManager 3.0.5 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • (2500022) Joomla! Component J-BusinessDirectory 4.9.7 SQLi
    The J-BusinessDirectory 4.9.7 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • (2500023) Joomla! Component VMap 1.9.6 SQLi
    The VMap 1.9.6 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • (2500024) Joomla! Component vRestaurant 1.9.4 SQLi
    The vRestaurant 1.9.4 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • (2500025) Joomla! Component vReview 1.9.11 SQLi
    The vReview 1.9.11 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • (2500026) Joomla! Component vAccount 2.0.2 SQLi
    The vAccount 2.0.2 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • (2500027) Joomla! Component vWishlist 1.0.1 SQLi
    The vWishlist 1.0.1 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • (2500028) Joomla! Component vBizz 1.0.7 RCE
    The vAccount 2.0.2 component for Joomla! allows a remote user to execute arbitrary commands via the vulnerable parameter.
  • (2500029) Joomla! Component vBizz 1.0.7 SQLi
    The vBizz 1.0.7 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • (2500031) Joomla! Component JoomCRM 1.1.1 SQLi
    The JoomCRM 1.1.1 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • (2500032) WordPress Plugin Adicon Server 1.2 SQLi
    The Support Board 1.2.3 plugin for WordPress allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

How to Update

No action is required by customers running versions 8.5 or 9.0 of Trustwave Web Application Firewall who subscribe to the online update feature. Their deployments will update automatically.

Please note that even if blocking actions are defined for a protected site, Simulation Mode for these rules is ON by default so that site managers can inspect the impact of new rules before blocking relevant traffic. To activate blocking actions for one of these rules, you must update the Actions for its signature in the Policy Manager.