Trustwave Web Application Firewall 4.61

Trustwave SpiderLabs is pleased to announce the release of CorSigs version 4.61 for Trustwave Web Application Firewall (WAF) versions 8.5 and 9.0. These rules are written to detect attacks or classes of attacks on web applications and their components.

Release Summary

This release includes the following new signatures:

  • (2500044) Oracle WebLogic RCE - CVE-2019-2729
  • (2500045) Oracle WebLogic RCE - CVE-2019-2725
  • (2500046) Oracle WebLogic RCE (Var-B) - CVE-2017-10271
  • (2500047) Oracle WebLogic RCE (Var-B) - CVE-2017-3506
  • (2500048) Atlassian Crowd RCE - CVE-2019-11580
  • (2500049) Atlassian JIRA RCE - CVE-2019-11581
  • (2500050) Microsoft SharePoint RCE - CVE-2019-0604
  • (2500065) phpMyAdmin 4.9.0.1 CSRF CVE-2019-12922
  • (2500064) WordPress Plugin Joomsport 3.3 SQLi CVE-2019-14348
  • (2500063) Webmin RCE CVE-2019-15107
  • (2500062) Jenkins RCE CVE-2019-1003029
  • (2500061) WordPress Plugin UserPro 4.9.32 XSS CVE-2019-14470
  • (2500060) Confluence Widget Connector Macro Template Injection CVE-2019-3396
  • (2500059) WordPress Plugin WooCommerce Product Feed 2.2.18 XSS CVE-2019-1010124
  • (2500057) WordPress Plugin Download Manager 2.9.93 XSS (Var-B) CVE-2019-15889
  • (2500058) WordPress Plugin Download Manager 2.9.93 XSS CVE-2019-15889
  • (2500056) Joomla! com_jssupportticket SQLi
  • (2500054) WordPress Plugin SlickQuiz SQLi CVE-2019-12516
  • (2500053) WordPress Plugin SlickQuiz XSS CVE-2019-12517
  • (2500052) Dolibarr ERP-CRM 10.0.1 XSS CVE-2019-16197
  • (2500051) LimeSurvey 3.17.13 XSS CVE-2019-16173
  • (2500066) vBulletin 5.5.4 RCE (Less Strict) CVE-2019-16759



How to Update

No action is required by customers who run version 8.5 or 9.0 of Trustwave Web Application Firewall and who subscribe to the online update feature. Their deployments will update automatically.

Please note that even if blocking actions are defined for a protected site, Simulation Mode for these rules is ON by default so that site managers can inspect the impact of new rules before blocking relevant traffic. If you want to activate blocking actions for these rules, you must update the Actions for these signatures in the Policy Manager.