Trustwave Web Application Firewall 4.53

Trustwave SpiderLabs® is pleased to announce the release of CorSigs version 4.53 for Trustwave Web Application Firewall (WAF) versions 8.5 and 9.0. These rules are written to detect attacks or classes of attacks on web applications and their components.

Release Summary

This release includes a cleanup of out-of-date rules and adds the following new signatures:

  • Joomla! Component BT Media 1.0 SQLi
    The BT Media 1.0 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component Guru Pro SQLi
    The Guru Pro component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component PayPlans 3.3.6 SQLi
    The PayPlans 3.3.6 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component com_publisher SQLi
    The publisher component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component CCNewsLetter 2.1.9 SQLi
    The CCNewsLetter 2.1.9 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component Event Registration Pro Calendar 4.1.3 SQLi
    The Event Registration Pro Calendar 4.1.3 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component LMS King Professional 3.2.4.0 SQLi
    The LMS King Professional 3.2.4.0 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component PHP-Bridge 1.2.3 SQLi
    The PHP-Bridge 1.2.3 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component SIMGenealogy 2.1.5 SQLi
    The SIMGenealogy 2.1.5 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component Ultimate Property Listing 1.0.2 SQLi
    The Ultimate Property Listing 1.0.2 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • GitHub Enterprise 2.8.7 RCE SSRF
    GitHub Enterprise below 2.8.7 allows an attacker with network access via HTTP to compromise the vulnerable component, possibly resulting in server takeover.
  • Easy Web Search 4.0 SQLi
    Easy Web Search 4.0 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • FTP Made Easy PRO 1.2 SQLi
    FTP Made Easy PRO 1.2 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component Quiz Deluxe 3.7.4 SQLi
    The Quiz Deluxe 3.7.4 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component OSDownloads 1.7.4 SQLi
    The OSDownloads 1.7.4 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component Photo Contest 1.0.2 SQLi
    The Photo Contest 1.0.2 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component Price Alert 3.0.2 SQLi
    The Price Alert 3.0.2 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component Quiz Deluxe 3.7.4 SQLi
    The Quiz Deluxe 3.7.4 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component Responsive Portfolio 1.6.1 SQLi
    The Responsive Portfolio 1.6.1 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component Survey Force Deluxe 3.2.4 SQLi
    The Survey Force Deluxe 3.2.4 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component Zap Calendar Lite 4.3.4 SQLi
    The Zap Calendar Lite 4.3.4 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Multi Level Marketing service_detail.php SQLi
    The Service Detail of Multi Level Marketing allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Multi Level Marketing SQLi news_detail
    The News Detail of Multi Level Marketing allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Multi Level Marketing event_detail.php SQLi
    The Event Detail of Multi Level Marketing allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • PHP Dashboards 4.4 SQLi
    PHP Dashboards 4.4 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2017-6089: phpCollab deletetopics.php 2.5.1 SQLi
    The deletetopics plugin of phpCollab 2.5.1 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2017-6089: phpCollab 2.5.1 SQLi
    The deletebookmarks plugin of phpCollab 2.5.1 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2017-15965: Joomla! Component NS Download Shop 2.2.6 SQLi
    The NS Download Shop 2.2.6 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component Sponsor Wall 8.0 SQLi
    The Sponsor Wall 8.0 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2017-15966: Joomla! Component Zh YandexMap 6.1.1.0 SQLi
    The Zh YandexMap 6.1.1.0 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2017-15970: PHP CityPortal 2.0 SQLi
    PHP CityPortal 2.0 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2017-15081: PHP Melody 2.6.1 SQLi
    PHP Melody 2.6.1 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2017-15968: MyBuilder Clone 1.0 SQLi
    MyBuilder Clone 1.0 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2017-15961: iProject Management System 1.0 SQLi
    iProject Management System 1.0 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2017-15958: D-Park Pro 1.0 SQLi
    D-Park Pro Domain Parking Script 1.0 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Oracle People Soft RCE
    Oracle PeopleSoft allows an unauthenticated attacker to compromise the vulnerable component, leading to remote code execution.
  • CVE-2017-14960: EMC xPression 4.5SP1 Patch 13 xDashboard SQLi
    EMC xDashboard below v4.5SP1 Patch 13 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2017-17875: Joomla! Component JEXTN FAQ Pro 4.0.0 SQLi
    The JEXTN FAQ Pro 4.0.0 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component User Bench 1.0 SQLi
    The User Bench 1.0 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2018-5211: PHP Melody 2.7.1 SQLi
    PHP Melody 2.7.1 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • WordPress Plugin Admin Menu Tree Page View 2.6.9 XSS
    The Admin Menu Tree Page View 2.6.9 plugin for WordPress allows an attacker to perform a persistent XSS attack if the victim has administrative rights.
  • WordPress Plugin CMS Tree Page View 1.4 XSS
    The CMS Tree Page View 1.4 plugin for WordPress allows an attacker to perform a persistent XSS attack if the victim has administrative rights.
  • CVE-2018-5315: WordPress Plugin Events Calendar SQLi
    The Events Calendar 1.0 plugin for WordPress allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2018-3811: WordPress Plugin Smart Google Code Inserter 3.5 SQLi
    The Smart Google Code Inserter 3.5 plugin for WordPress allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • WordPress Plugin Social Media Widget by Acurax 3.2.5 XSS
    The Social Media Widget by Acurax 3.2.5 plugin for WordPress allows an attacker to perform a persistent XSS attack if the victim has administrative rights.
  • vBulletin routestring Unauthenticated RCE
    vBulletin version 5 allows an unauthenticated remote attacker to include a file, leading to remote code execution.

How to Update

No action is required by customers running versions 8.5 or 9.0 of Trustwave WAF who subscribe to the online update feature. Their deployments will update automatically.

Please note that even if blocking actions are defined for a protected site, Simulation Mode for these rules is ON by default, so that site managers can inspect the impact of the new rules before blocking relevant traffic. To activate blocking actions for a rule, you must update the Actions for that signature in the Policy Manager.
