TrustKeeper Scan Engine Update for February 06, 2019

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Apache

• Apache HTTP Server HTTP/2 Connections Denial of Service Vulnerability (CVE-2018-17189)
• Apache HTTP Server mod_session_cookie Session Expiry Time Vulnerability (CVE-2018-17199)
• Apache HTTP Server mod_ssl OpenSSL Remote Denial of Service Vulnerability (CVE-2019-0190)
• Apache Subversion mod_dav_svn Denial of Service Vulnerability (CVE-2018-11803)

Cisco

• Cisco ASA Direct Memory Access Denial of Service Vulnerability (cisco-sa-20181003-asa-dma-dos, CSCvj89470) (CVE-2018-15383)
• Cisco ASA IPsec VPN Denial of Service Vulnerability (cisco-sa-20181003-asa-ipsec-dos, CSCuy57310) (CVE-2018-15397)

Drupal

• Drupal Core Arbitrary PHP Code Execution Vulnerability (SA-CORE-2019-002) (CVE-2019-6339)
• Drupal Core Third Party Library Arbitrary File Deletion Vulnerability (SA-CORE-2019-001) (CVE-2018-1000888, CVE-2019-6338)

PhpMyAdmin

• PhpMyAdmin Arbitrary File Read Vulnerability (PMASA-2019-1) (CVE-2019-6799)
• PhpMyAdmin Designer feature SQL injection Vulnerability (PMASA-2019-2) (CVE-2019-6798)

Joomla

• Joomla! Core com_config Stored Cross-Site Scripting Vulnerability (20190103) (CVE-2019-6263)
• Joomla! Core com_contact Stored Cross-Site Scripting Vulnerability (20190102) (CVE-2019-6261)
• Joomla! Core HelpButton.php Stored Cross-Site Scripting Vulnerability (20190104) (CVE-2019-6262)
• Joomla! Core mod_banners Stored Cross-Site Scripting Vulnerability (20190101) (CVE-2019-6264)

MySQL

• MySQL Critical Patch Update - January 2019 (CVE-2019-2455, CVE-2019-2434, CVE-2019-2482, CVE-2019-2529, CVE-2019-2533, CVE-2019-2534, CVE-2019-2502, CVE-2019-2536, CVE-2018-0734, CVE-2019-2436, CVE-2019-2503, CVE-2019-2513, CVE-2019-2535, CVE-2019-2532, CVE-2019-2486, CVE-2019-2531, CVE-2019-2528, CVE-2019-2530, CVE-2019-2507, CVE-2019-2481, CVE-2019-2420, CVE-2019-2537, CVE-2019-2495, CVE-2019-2494, CVE-2019-2539, CVE-2019-2510)

Oracle

• Oracle Critical Patch Update/Patch Set Update - January 2019 (CVE-2019-2547, CVE-2019-2406, CVE-2019-2444)
• Oracle Enterprise Manager CPU January 2019 (CVE-2018-0732, CVE-2016-4000, CVE-2018-3303)
• Oracle Glassfish Server Local File Inclusion Vulnerability (TWSL2015-016)
• Oracle Solaris OS January 2019 CPU (CVE-2019-2541, CVE-2019-2545, CVE-2019-2544, CVE-2019-2543, CVE-2019-2437, CVE-2018-3646, CVE-2018-3639)
• Oracle WebLogic Server January 2019 CPU (CVE-2019-2395, CVE-2019-2452, CVE-2019-2441, CVE-2019-2418, CVE-2019-2398, CVE-2018-1000180, CVE-2015-9251, CVE-2015-1832)

WordPress

• Wordpress Version Prior to 4.9.9 and 5.0.1 Multiple Vulnerabilities (CVE-2018-20147, CVE-2018-20148, CVE-2018-20150, CVE-2018-20151, CVE-2018-20152, CVE-2018-20153)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.