The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available.
This week we've included 7 new vulnerabilities, which relate to FreeBSD and generic web application misconfiguration issues.
New Vulnerability Test Highlights
Some of the more interesting vulnerability tests we added recently are as follows:
FreeBSD
- FreeBSD Kernel Memory Disclosure Vulnerability in setlogin/getlogin (FreeBSD-SA-14:25.setlogin) (CVE-2014-8476)
- FreeBSD namei Kernel Memory Disclosure Vulnerability (FreeBSD-SA-14:22.namei) (CVE-2014-3711)
- FreeBSD routed Remote Denial of Service Vulnerability (FreeBSD-SA-14:21.routed) (CVE-2014-3955)
- FreeBSD rtsold Remote Buffer Overflow Vulnerability (FreeBSD-SA-14:20.rtsold) (CVE-2014-3954)
- FreeBSD sshd Denial of Service Vulnerability (FreeBSD-SA-14:24.sshd) (CVE-2014-8475)
Generic
- Information disclosure via sitemap.xml
- Non-Secure Session Cookies Identified
How to Update?
All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.
