LevelBlue Completes Acquisition of Cybereason. Learn more

Request a Demo

LevelBlue Completes Acquisition of Cybereason. Learn more

Submit RFP
Request a Demo
Services
Cyber Advisory
Managed Cloud Security
Data Security
Manage Detection & Response
Email Security
Managed Network Infrastructure Security
Exposure Management
Security Operations Platforms
Incident Readiness & Response
SpiderLabs Threat Intelligence
View All Services
Solutions
BY INDUSTRY
BY REGULATION
BY TOPIC
Offensive Security
Solutions to maximize your security ROI
Operational Technology
End-to-end OT security
Microsoft Security
Unlock the full power of Microsoft Security
Securing the IoT Landscape
Test, monitor and secure network objects
Why LevelBlue
About Us
We reduce cyber risk and fortify organizations
Awards and Accolades
Recognition by analysts and media outlets
LevelBlue SpiderLabs
Global researchers, ethical hackers, and responders
LevelBlue Security Operations Platforms
Unprecedented security visibility and control
Security Colony
Access to cybersecurity threat protection resources
Partners
Microsoft
Unlock the full power of Microsoft Security
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Register
Login
Resources
BLOGS
UPCOMING
MEDIA & ASSETS
NOTICES
HELP

TrustKeeper Scan Engine Update - August 2, 2013

It's high summer in the Windy City and we're bringing you another TrustKeeper Scan Engine update on a warm, gentle breeze. This update has coverage for 19 new vulnerabilities, detection for 4 new service applicaitons as well as the usual bug fixes and general improvements.

The new detection for the service applications include Openswan, FreeS/WAN, strongSwan - all of which are IPSec implementations - and Jenkins, a Java-based Continuous integration server.

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Apache
* Apache HTTP Server mod_dav_svn Denial of Service Vulnerability via Invalid Source (CVE-2013-1896)
* Apache HTTP Server mod_rewrite Terminal Escape Sequence Vulnerability (CVE-2013-1862)

Joomla
* Cross-site scripting vulnerability in Joomla! Language Switch module. (CVE-2012-4532)
* Joomla! Unspecified XSS Vulnerability (CVE-2012-4531)
* Joomla! XSS Vulnerability in Highlighter Plugin (CVE-2013-3267)
* Joomla! XSS Vulnerability in Voting Plugin (CVE-2013-3059)

Openswan
* Openswan and Freeswan Aggressive Mode PSK Denial of Service (CVE-2005-3671)
* Openswan and Strongswan ASN.1 parser Denial of Service (CVE-2009-2185)
* Openswan and Strongswan Dead Peer Detection Denial of Service (CVE-2009-0790)
* Openswan Buffer Overflow in atodn function (CVE-2013-2053)
* Openswan IKE Invalid Key Length Vulnerability (CVE-2011-3380)
* Openswan IPSEC livetest tool Permissions Vulnerability (CVE-2008-4190)
* Openswan PID File Permissions Vulnerability (CVE-2011-2147)
* Openswan Stack-based Buffer Overflow in get_internal_addresses function (CVE-2005-0162)
* Openswan Use-after-free Vulnerability in Cryptographic Helper Handler (CVE-2011-4073)
* Openswan Cisco Banner Option Handling Command Execution and DoS Vulnerability (CVE-2010-3308)
* Openswan Cisco Banner Option Handling Command Execution Vulnerability (CVE-2010-3753)
* Openswan Cisco DNS Option Handling Vulnerability (CVE-2010-3752, CVE-2010-3302)

Oracle
* Oracle Enterprise Manager January 2013 CPU Advisory (CVE-2013-0352, CVE-2013-0374, CVE-2013-0355, CVE-2013-0373, CVE-2013-0353, CVE-2013-0358, CVE-2013-0354, CVE-2012-5062, CVE-2012-3219)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.

Latest Software Updates

CVT Deployment 1.111.0-1

Database Security Knowledgebase Update KB 6.54

DbProtect 6.6.13 Now Available