TrustKeeper Scan Engine Update for February 21, 2020

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

ClamAV

• ClamAV Data-Loss-Prevention Feature Denial of Service Vulnerability (CVE-2020-3123)

FreeBSD

• FreeBSD IPsec Package Reply Vulnerability (FreeBSD-SA-20:02.ipsec) (CVE-2019-5613)
• FreeBSD Kernel Stack Data Disclosure Vulnerability (FreeBSD-SA-20:03.thrmisc) (CVE-2019-15875)
• FreeBSD libfetch Buffer Overflow Vulnerability (FreeBSD-SA-20:01.libfetch) (CVE-2020-7450)

Joomla

• Joomla Core Account Creation Privilege Escalation Vulnerability (20120303) (CVE-2012-1563)
• Joomla Core batch actions Cross-Site Request Forgery Vulnerability (20200101) (CVE-2020-8419)
• Joomla Core com_actionlogs Cross-Site Scripting Vulnerability (20200103) (CVE-2020-8421)
• Joomla Core com_mailto Timeout Bypass Vulnerability (20090723) (CVE-2011-4912)
• Joomla Core com_templates Cross-Site Request Forgery Vulnerability (20200102) (CVE-2020-8420)
• Joomla Core filter_order SQL Injection Vulnerability (20110201) (CVE-2011-1151)
• Joomla Core index.php Cross-Site Scripting Vulnerabilities (20110902) (CVE-2011-3595)
• Joomla Core Information Exposure Vulnerability (20111002) (CVE-2011-4937)
• Joomla Core JEXEC Path Disclosure Vulnerability (20090722) (CVE-2011-4907)
• Joomla Core Password Reset Vulnerability (20120304) (CVE-2012-1562)

Microsoft

• Microsoft Exchange Server Elevation of Privilege Vulnerability (2020-Feb) (CVE-2020-0692)
• Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability (2020-Feb) (CVE-2020-0688)
• Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability (2020-Feb) (CVE-2020-0618)
• Microsoft Windows February 2020 Security Updates Missing (CVE-2020-0736, CVE-2020-0732, CVE-2020-0709, CVE-2020-0792, CVE-2020-0751, CVE-2020-0716, CVE-2020-0757, CVE-2020-0661, CVE-2018-8267, CVE-2020-0689, CVE-2020-0767, CVE-2020-0756, CVE-2020-0755, CVE-2020-0754, CVE-2020-0753, CVE-2020-0752, CVE-2020-0750, CVE-2020-0749, CVE-2020-0748, CVE-2020-0747, CVE-2020-0746, CVE-2020-0745, CVE-2020-0744, CVE-2020-0743, CVE-2020-0742, CVE-2020-0741, CVE-2020-0740, CVE-2020-0739, CVE-2020-0738, CVE-2020-0737, CVE-2020-0735, CVE-2020-0734, CVE-2020-0731, CVE-2020-0730, CVE-2020-0729, CVE-2020-0728, CVE-2020-0727, CVE-2020-0726, CVE-2020-0725, CVE-2020-0724, CVE-2020-0723, CVE-2020-0722, CVE-2020-0721, CVE-2020-0720, CVE-2020-0719, CVE-2020-0717, CVE-2020-0715, CVE-2020-0714, CVE-2020-0713, CVE-2020-0712, CVE-2020-0711, CVE-2020-0710, CVE-2020-0708, CVE-2020-0707, CVE-2020-0706, CVE-2020-0705, CVE-2020-0704, CVE-2020-0703, CVE-2020-0701, CVE-2020-0698, CVE-2020-0691, CVE-2020-0686, CVE-2020-0685, CVE-2020-0683, CVE-2020-0682, CVE-2020-0681, CVE-2020-0680, CVE-2020-0679, CVE-2020-0678, CVE-2020-0677, CVE-2020-0676, CVE-2020-0675, CVE-2020-0674, CVE-2020-0673, CVE-2020-0672, CVE-2020-0671, CVE-2020-0670, CVE-2020-0669, CVE-2020-0668, CVE-2020-0667, CVE-2020-0666, CVE-2020-0665, CVE-2020-0663, CVE-2020-0662, CVE-2020-0660, CVE-2020-0659, CVE-2020-0658, CVE-2020-0657, CVE-2020-0655)

PHP

• PHP fsockopen Improper Input Validation Vulnerability (CVE-2017-7189)

Splunk

• Splunk Patch Missing (SP-CAAAH32) (CVE-2013-6772)
• Splunk Patch Missing (SP-CAAAHXG) (CVE-2013-0166, CVE-2013-0169, CVE-2013-6773, CVE-2012-6447)

Squid

• Squid Proxy Cache ext_lm_group_acl Denial of Service Vulnerability (SQUID-2020:3) (CVE-2020-8517)
• Squid Proxy Cache FTP Gateway Information Disclosure Vulnerability (SQUID-2020:2) (CVE-2019-12528)
• Squid Proxy Cache HTTP Request Input Validation Vulnerability (SQUID-2020:1) (CVE-2020-8450, CVE-2020-8449)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.