TrustKeeper Scan Engine Update – October 1, 2014

Written by | Oct 8, 2014 3:00:00 PM

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. A highlight of the update is an additional check for the recently disclosed Shellshock vulnerability in GNU Bash (CVE-2014-6271) via the Pure-FTPd vector. Total, this release includes five new checks with coverage for more than a dozen vulnerabilities.

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Joomla

Joomla! Host Header Cross Site Scripting Vulnerability (CVE-2012-3828)
Joomla! Host Header Installation Path Disclosure Vulnerability (CVE-2012-3829)

Oracle

Oracle Database July 2014 (CVE-2013-3751, CVE-2013-3774, CVE-2014-4236, CVE-2014-4237, CVE-2014-4245)
Oracle MySQL July 2014 CPU (CVE-2014-2484, CVE-2014-4258, CVE-2014-4260, CVE-2014-2494, CVE-2014-4238, CVE-2014-4207, CVE-2014-4233, CVE-2014-4240, CVE-2014-4214, CVE-2014-4243)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.

View full post