Security Resources

Software Updates

Trustwave Web Application Firewall 4.57

Trustwave SpiderLabs is pleased to announce the release of CorSigs version 4.57 for Trustwave Web Application Firewall (WAF) versions 8.5, 9.0 and 9.1. These rules are written to detect attacks or classes of attacks on web applications and their components.

Release Summary

This release includes the following new signatures:

  • CVE-2018-13832: WordPress Plugin All In One Favicon 4.6 XSS

The All In One Favicon 4.6 plugin for WordPress allows a remote attacker to inject arbitrary script via the vulnerable parameter.

  • WordPress Plugin Job Manager 4.1.0 XSS

The Job Manager 4.1.0 plugin for WordPress allows a remote user to inject arbitrary script via the vulnerable parameter.

  • Apache Struts 2.3/2.5 RCE

Apache Struts versions 2.3 through 2.3.34 and 2.5 through 2.5.16 are vulnerable to remote code execution when the "alwaysSelectFullNamespace" setting is true and an action is configured without a namespace (or with a wildcard namespace): the namespace is then taken from the request URL and evaluated as an OGNL expression.

  • Drupal Open Redirect

Drupal 8.x is vulnerable to an open redirect: a parameter value in an HTTP GET request is used as a redirect target without validation, so a remote user can send a victim to an arbitrary site.
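The validation step the Drupal entry above describes as missing, written out as an added example (this is neither Drupal's nor Trustwave's code): a redirect target taken from a GET parameter is accepted only if it is a site-relative path or an absolute http(s) URL whose host is on an allowlist. The allowlist hosts are constructed for the example. The browser parsing quirks that usually defeat a naive "does it start with /" check (backslashes, protocol-relative URLs, credentials in the authority, a scheme with no "//") are handled explicitly.

```python
from urllib.parse import urlsplit

# Constructed allowlist of hosts this site may redirect to (assumption for the example).
ALLOWED_HOSTS = {"example.org", "www.example.org"}


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only if `target` (e.g. the value of a ?destination= GET
    parameter) cannot send the browser to a host outside `allowed_hosts`."""
    if not target or len(target) > 2048:
        return False
    # Browsers fold backslashes into slashes, so "/\evil.com" is really "//evil.com".
    norm = target.replace("\\", "/")
    # Control characters and whitespace are stripped or reinterpreted by browsers
    # (e.g. "java\tscript:"), so refuse them outright rather than guessing.
    if any(ch <= " " or ch == "\x7f" for ch in norm):
        return False
    parts = urlsplit(norm)
    if parts.scheme:
        # Absolute URL: only http(s), and only to an allowlisted host.
        # "https:evil.com" has an empty netloc in urlsplit but browsers treat
        # it as "https://evil.com", so an absent hostname is a rejection.
        if parts.scheme not in ("http", "https"):
            return False
        host = parts.hostname  # lower-cased; excludes any user:pass@ prefix
        return bool(host) and host in allowed_hosts
    # No scheme: must be site-relative. "//evil.com" and "///evil.com" are
    # protocol-relative and leave the site, as does any bare netloc.
    if parts.netloc or norm.startswith("//"):
        return False
    return norm.startswith("/")


def redirect_target(requested, fallback="/"):
    """Pick the destination a redirect handler should actually issue."""
    return requested if is_safe_redirect(requested) else fallback
```

The check is deliberately conservative: a relative path without a leading slash is refused rather than resolved, and any target containing whitespace or control characters is refused instead of being trimmed, since the WAF and the browser may not trim it the same way.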

  • Drupal Cache Poisoning

Drupal 8.x before 8.5.6 is vulnerable to cache poisoning: a remote user can send a crafted request that produces a corrupted response, and that response is then cached and served to other users.

  • Oracle GlassFish Server Open Source Edition 4.1 Directory Traversal

Oracle GlassFish Server Open Source Edition 4.1 allows a remote user to perform directory traversal.

  • WordPress Plugin Chained Quiz 1.0.8 SQLi

The Chained Quiz 1.0.8 plugin for WordPress allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • WordPress Plugin Gift Voucher 1.0.5 SQLi

The Gift Voucher 1.0.5 plugin for WordPress allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • WordPress Plugin Jibu Pro 1.7 XSS

The Jibu Pro 1.7 plugin allows a remote user to inject arbitrary script via the vulnerable parameter.

  • WordPress Plugin Plainview Activity Monitor 20161228 RCE

The Plainview Activity Monitor 20161228 plugin for WordPress allows a remote user to execute arbitrary code via the vulnerable parameter.

  • WordPress Plugin Quizlord 2.0 XSS

The Quizlord 2.0 plugin for WordPress allows a remote user to inject arbitrary script via the vulnerable parameter.

  • Joomla! Component Social Factory 3.8.3 SQLi

The Social Factory 3.8.3 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • Joomla Component eXtroForms 2.1.5 SQLi

The eXtroForms 2.1.5 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • Joomla! Component Jobs Factory 2.0.4 SQLi

The Jobs Factory 2.0.4 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • Joomla! Component Music Collection 3.0.3 SQLi

The Music Collection 3.0.3 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • Joomla! Component Swap Factory 2.2.1 SQLi

The Swap Factory 2.2.1 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • Joomla! Component Questions 1.4.3 SQLi

The Questions 1.4.3 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • Joomla! Component Collection Factory 4.1.9 SQLi

The Collection Factory 4.1.9 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • Joomla! Component Dutch Auction Factory 2.0.2 SQLi

The Dutch Auction Factory 2.0.2 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • Joomla! Component Raffle Factory 3.5.2 SQLi

The Raffle Factory 3.5.2 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • CVE-2018-17376: Joomla! Component Reverse Auction Factory 4.3.8 SQLi-1/2

The Reverse Auction Factory 4.3.8 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • Joomla! Component AlphaIndex Dictionaries 1.0 SQLi

The AlphaIndex Dictionaries 1.0 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • CVE-2018-17380: Joomla! Component Article Factory Manager 4.3.9 SQLi

The Article Factory Manager 4.3.9 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • Joomla! Component Timetable Schedule 3.6.8 SQLi

The Timetable Schedule 3.6.8 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • Joomla! Component Responsive Portfolio 1.6.1 SQLi

The Responsive Portfolio 1.6.1 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • Joomla! Component CW Article Attachments 1.0.6 SQLi

The CW Article Attachments 1.0.6 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • Joomla! Component Auction Factory 4.5.5 SQLi

The Auction Factory 4.5.5 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • CVE-2018-1002000: WordPress Plugin Arigato Autoresponder and Newsletter 2.5 Blind SQLi

The Arigato Autoresponder plugin for WordPress allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • CVE-2018-1002001: WordPress Plugin Arigato Autoresponder and Newsletter 2.5 Blind XSS

The Arigato Autoresponder plugin for WordPress allows a remote user to inject arbitrary script via the vulnerable parameter.

  • WordPress Plugin Wechat Broadcast 1.2.0 Directory Traversal

The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows a remote user to perform directory traversal via the Image.php url parameter.

  • WordPress Plugin Localize My Post 1.0 Directory Traversal

The Localize My Post plugin 1.0 for WordPress allows a remote user to perform directory traversal via the ajax/include.php file parameter.

  • Joomla! Component Penny Auction Factory 2.0.4 SQLi

The Penny Auction Factory 2.0.4 component for Joomla! allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • CoinHive Crypto Miner

This signature detects the CoinHive JavaScript miner. An attacker who injects it into a compromised site uses the processing power of visitors' browsers to mine cryptocurrency.

In addition, this release contains a significant update to the Policy Tree in order to improve its readability.

 

How to Update

No action is required by customers running versions 8.5, 9.0 or 9.1 of Trustwave Web Application Firewall who subscribe to the online update feature. Their deployments will update automatically.

Please note that even if blocking actions are defined for a protected site, Simulation Mode is ON by default for these new rules so that site managers can inspect their impact before the matching traffic is blocked. To activate blocking for a signature, update its Actions in the Policy Manager.