Software Updates

Trustwave Web Application Firewall 4.53

Written by | Apr 12, 2018 9:52:00 AM

Trustwave SpiderLabsĀ® is pleased to announce the release of CorSigs version 4.53 for Trustwave Web Application Firewall (WAF) versions 8.5 and 9.0. These rules are written to detect attacks or classes of attacks on web applications and their components.

Release Summary

This release includes an out of date rules cleanup and the following new signatures inclusion:

  • Joomla! Component BT Media 1.0 SQLi
    The BT Media 1.0 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component Guru Pro SQLi
    The Guru Pro component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component PayPlans 3.3.6 SQLi
    The PayPlans 3.3.6 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component com_publisher SQLi
    The publisher component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component CCNewsLetter 2.1.9 SQLi
    The CCNewsLetter 2.1.9 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component Event Registration Pro Calendar 4.1.3 SQLi
    The Event Registration Pro Calendar 4.1.3 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component LMS King Professional 3.2.4.0 SQLi
    The LMS King Professional 3.2.4.0 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component PHP-Bridge 1.2.3 SQLi
    The PHP-Bridge 1.2.3 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component SIMGenealogy 2.1.5 SQLi
    The SIMGenealogy 2.1.5 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component Ultimate Property Listing 1.0.2 SQLi
    The Ultimate Property Listing 1.0.2 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • GitHub Enterprise 2.8.7 RCE SSRF
    GitHub Enterprise below 2.8.7 allows an attacker attacker with network access via HTTP to compromise vulnerable component, resulting with possible server takeover.
  • Easy Web Search 4.0 SQLi
    Easy Web Search 4.0 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • FTP Made Easy PRO 1.2 SQLi
    FTP Made Easy PRO 1.2 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component Quiz Deluxe 3.7.4 SQLi
    The Quiz Deluxe 3.7.4 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component OSDownloads 1.7.4 SQLi
    The OSDownloads 1.7.4 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component Photo Contest 1.0.2 SQLi
    The Photo Contest 1.0.2 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component Price Alert 3.0.2 SQLi
    The Price Alert 3.0.2 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component Quiz Deluxe 3.7.4 SQLi
    The Quiz Deluxe 3.7.4 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component Responsive Portfolio 1.6.1 SQLi
    The Responsive Portfolio 1.6.1 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component Survey Force Deluxe 3.2.4 SQLi
    The Survey Force Deluxe 3.2.4 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component Zap Calendar Lite 4.3.4 SQLi
    The Zap Calendar Lite 4.3.4 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Multi Level Marketing service_detail.php SQLi
    The Service Detail of Multi Level Marketing allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Multi Level Marketing SQLi news_detail
    The News Detail of Multi Level Marketing allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Multi Level Marketing event_detail.php SQLi
    The Event Detail of Multi Level Marketing allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • PHP Dashboards 4.4 SQLi
    PHP Dashboards 4.4 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2017-6089: phpCollab deletetopics.php 2.5.1 SQLi
    The deletetopics plugin of phpCollab 2.5.1 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2017-6089: phpCollab 2.5.1 SQLi
    The deletebookmarks plugin of phpCollab 2.5.1 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2017-15965: Joomla! Component NS Download Shop 2.2.6 SQLi
    The NS Download Shop 2.2.6 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component Sponsor Wall 8.0 SQLi
    The Sponsor Wall 8.0 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2017-15966: Joomla! Component Zh YandexMap 6.1.1.0 SQLi
    The Zh YandexMap 6.1.1.0 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2017-15970: PHP CityPortal 2.0 SQLi
    PHP CityPortal 2.0 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2017-15081: PHP Melody 2.6.1 SQLi
    PHP Melody 2.6.1 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2017-15968: MyBuilder Clone 1.0 SQLi
    MyBuilder Clone 1.0 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2017-15961: iProject Management System 1.0 SQLi
    iProject Management System 1.0 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2017-15958: D-Park Pro 1.0 SQLi
    D-Park Pro Domain Parking Script 1.0 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Oracle People Soft RCE
    Oracle People Soft allows an unauthenticated attacker to compromise vulnerable component that leads to remote code execution
  • CVE-2017-14960: EMC xPression 4.5SP1 Patch 13 xDashboard SQLi
    EMC xDashboard below v4.5SP1 Patch 13 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2017-17875: Joomla! Component JEXTN FAQ Pro 4.0.0 SQLi
    The JEXTN FAQ Pro 4.0.0 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • Joomla! Component User Bench 1.0 SQLi
    The User Bench 1.0 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2018-5211: PHP Melody 2.7.1 SQLi
    PHP Melody 2.7.1 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • WordPress Plugin Admin Menu Tree Page View 2.6.9 XSS
    The Admin Menu Tree Page View 2.6.9 plugin for WordPress allows an attacker could perform a Persistent XSS attack if the victim has administrative rights.
  • WordPress Plugin CMS Tree Page View 1.4 XSS
    The CMS Tree Page View 1.4 plugin for WordPress allows an attacker could perform a Persistent XSS attack if the victim has administrative rights.
  • CVE-2018-5315: WordPress Plugin Events Calendar SQLi
    The Events Calendar 1.0 plugin for WordPress allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • CVE-2018-3811: WordPress Plugin Smart Google Code Inserter 3.5 SQLi
    The Smart Google Code Inserter 3.5 plugin for WordPress allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.
  • WordPress Plugin Social Media Widget by Acurax 3.2.5 XSS
    The Social Media Widget by Acurax 3.2.5 plugin for WordPress allows an attacker could perform a Persistent XSS attack if the victim has administrative rights.
  • vBulletin routestring Unauthenticated RCE
    vBulletin version 5 allows a remote attacker to include unauthenticated file that leads to remote code execution

How to Update

No action is required by customers running versions 8.5 or 9.0 of Trustwave WAF who subscribe to the online update feature. Their deployments will update automatically.

Please note that even if blocking actions are defined for a protected site, Simulation Mode for these rules is ON by default to allow site managers to inspect the impact of new rules before blocking relevant traffic. If you want to activate blocking actions for this rule, you must update the Actions for this signature in the Policy Manager.
View full post