Vulnerabilities resolved in TRITON APX Version 8.0

Article Number: 000007902
Products: TRITON AP-DATA, TRITON AP-EMAIL, TRITON AP-WEB
Versions: 8.0

Problem Description

Article Last Updated on 2 October 2015

The following security vulnerabilities have been resolved in TRITON APX solutions at Version 8.0 [released 2 February 2015]. For earlier versions, please see these articles:

Heartbleed Vulnerability

POODLE Vulnerability

OPENSSL Man-in-the-Middle Vulnerability

GHOST glibc Vulnerability

Shellshock BASH Vulnerability

TRITON AP-WEB

Vulnerability | IDs | Status | 8.0.0
Cross-Site Scripting (XSS) - TRITON UI Exceptions and Scanning Exceptions pages | WSE-5122 | Resolved | Yes
Windows Domain User Enumeration via HTTP Authentication | WCG-2589 | Resolved | Yes
SSL 3.0 POODLE vulnerability (QualysGuard vulnerability issue; CVE-2014-3566) | WSE-4723, WSE-4544, WCG-2347, EI-2301, EI-2970, WCG-2301 | Resolved | Yes
Reflected Cross-Site Scripting (XSS) vulnerability in Content Gateway error messages | WCG-2132, EI-2529, EI-2465 | Resolved | Yes
Unauthenticated access to Apache folder structure | WSE-4322 | Resolved | Yes
Reflected Cross-Site Scripting (XSS) vulnerability in block pages | WSE-4308 | Resolved | Yes
Stored Cross-Site Scripting (XSS) in the Job Queue of investigative reports | WSE-3881 | Resolved | Yes
BASH Shellshock remote command execution (CVE-2014-6271) | WSE-4219 | Resolved | Yes

Special thanks to Security Researcher Han Sahin from Securify for alerting us to the Content Gateway error message XSS (WCG-2132), the unauthenticated access to the Apache folder structure (WSE-4322), the block page XSS (WSE-4308) and the investigative reports Job Queue stored XSS (WSE-3881).


TRITON AP-DATA

Vulnerability | IDs | Status | 8.0.0
Microsoft Windows Unquoted Service Path Enumeration (applies to TRITON Infrastructure) | EIP-223 | Resolved | Yes
DSS Mobile Report Catalog Stored XSS | DSS-8369 | Resolved | Yes
DSS UI - DSS DLP Report Catalog Stored XSS | DSS-8368 | Resolved | Yes
SSL 3.0 POODLE Vulnerability: Mobile Agent 8.0.0.071 and Policy Engine 8.0.0.145 (CVE-2014-3566) | DSS-7910 | Resolved | Yes
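The unquoted service path item above (EIP-223) is a local privilege-escalation weakness rather than a remote one: when a Windows service's ImagePath is unquoted and contains spaces, CreateProcess tries each space-delimited prefix of the string as an executable (appending .exe where the fragment has no extension) before it reaches the real binary, so a user who can write to one of those directories gets code run as the service account, typically LocalSystem. The script below is an added example, not part of this article or of the TRITON product code. The service entries in it are constructed sample data shaped like the Name, PathName and StartName fields returned by `Get-CimInstance Win32_Service`; the paths are hypothetical and are not the real TRITON Infrastructure services. It reproduces the CreateProcess search order to list where a planted binary would be picked up.

```python
"""Audit Windows service image paths for the unquoted-path weakness.

Added example (assumptions: sample data is constructed, paths are hypothetical).
"""
import ntpath
import re
from dataclasses import dataclass

# Constructed sample data modelled on the Name, PathName and StartName
# fields of Win32_Service. None of these are real TRITON service entries.
SAMPLE_SERVICES = [
    ("GoodSvc", r'"C:\Program Files\Vendor\Good Service\svc.exe" -k net', "LocalSystem"),
    ("BadSvc", r"C:\Program Files\Vendor\Management Server\svc.exe -k net", "LocalSystem"),
    ("NoSpaces", r"C:\Windows\system32\svchost.exe -k netsvcs", "LocalSystem"),
    ("LowPriv", r"C:\Program Files\Vendor\Agent Host\agent.exe", r"NT AUTHORITY\LocalService"),
]


@dataclass
class Finding:
    name: str
    run_as: str
    path: str
    candidates: list  # files CreateProcess would try before the real binary


def executable_part(path_name):
    """Return the PathName up to and including the first '.exe' (drops arguments)."""
    m = re.search(r"\.exe", path_name, re.IGNORECASE)
    return path_name[:m.end()] if m else path_name


def hijack_candidates(path_name):
    r"""List the paths CreateProcess tries before the real binary.

    A quoted PathName is safe. For an unquoted one, Windows splits at each
    space and appends .exe when the fragment has no extension, so
    C:\Program Files\X Y\s.exe is searched as C:\Program.exe, then
    C:\Program Files\X.exe, then the real file. Fragments that already carry
    an extension (e.g. a version number such as v1.2) are tried as-is.
    """
    if path_name.startswith('"'):
        return []
    exe = executable_part(path_name)
    candidates = []
    for i, ch in enumerate(exe):
        if ch != " ":
            continue
        fragment = exe[:i]
        if not ntpath.splitext(fragment)[1]:
            fragment += ".exe"
        candidates.append(fragment)
    return candidates


def audit_services(services):
    """Report services whose unquoted image path yields hijack candidates.

    Only candidates in directories the attacker can write to are exploitable;
    that ACL check needs the live host, so it is left to the caller.
    """
    findings = []
    for name, path_name, run_as in services:
        candidates = hijack_candidates(path_name)
        if candidates:
            findings.append(Finding(name, run_as, path_name, candidates))
    return findings


if __name__ == "__main__":
    for finding in audit_services(SAMPLE_SERVICES):
        print(f"{finding.name} (runs as {finding.run_as}): {finding.path}")
        for candidate in finding.candidates:
            print("    attacker-plantable path:", candidate)
```

On a real host, feed the function the Win32_Service output and check the ACL on the parent directory of each candidate (icacls or Get-Acl); a path is only exploitable where a non-administrator can create files there. The fix the vendor applied for EIP-223 is the standard one: quote the ImagePath value, for example with `sc config <name> binPath= "\"C:\Program Files\...\svc.exe\""`.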


TRITON AP-EMAIL

Vulnerability | IDs | Status | 8.0.0
SSL Server Supports Weak Encryption (QualysGuard vulnerability issue) | ESG-5623 | Resolved | Yes
Vulnerability issue for port 17703 (PE) | ESG-4687 | Resolved | Yes
Clickjacking issue | ESG-4344 | Resolved | Yes
Autocomplete enabled | ESG-4343 | Resolved | Yes
Cross-Site Scripting (XSS) in Email Security Gateway | ESG-6006 | Resolved | Yes
PEM vulnerable to brute force attack | ESG-3696, EI-1058 | Resolved | Yes
Clickjacking vulnerability on Email Security Gateway | ESG-5336, EI-2637 | Resolved | Yes
Upgrade OpenSSL library to 1.0.1h to avoid vulnerability issue | ESG-3711 | Resolved | Yes
Clickjacking vulnerability on Email Security Gateway | ESG-5660, ESG-5658, EI-2637 | Resolved | Yes
Mail Server Accepts Plaintext Credentials (QualysGuard vulnerability issue) | ESG-5622 | Resolved | Yes
Reflected Cross-Site Scripting (XSS) issue | ESG-4342 | Resolved | Yes
Cross-Site Request Forgery (CSRF) on several pages in PEM (high-risk vulnerability) | ESG-6005 | Resolved | Yes
SSLv2.0 for ESG (TRITON, WSE, PEM) cannot be used after forbidding SSLv3.0 for the POODLE vulnerability | ESG-5834 | Resolved | Yes


V-Series Appliances

Vulnerability | IDs | Status | 8.0.0
Cross-Site Request Forgery (CSRF) in command line page | APP-3494 | Resolved | Yes
Re-check all third-party software libraries | APP-3434 | Resolved | Yes
OpenSSH Login Grace Time Denial of Service Vulnerability (QualysGuard potential vulnerability) | APP-3335, APP-3336 | Resolved | Yes
SSLv3 Padding Oracle Attack Information Disclosure Vulnerability (POODLE) (QualysGuard potential vulnerability; CVE-2014-3566) | APP-3324 | Resolved | Yes
Mail Server Accepts Plaintext Credentials (QualysGuard potential vulnerability) | APP-3322 | Resolved | Yes
BASH Shellshock (QualysGuard potential vulnerability; CVE-2014-6271) | APP-3086 | Resolved | Yes
SVM - Arbitrary File Upload | APP-2789 | Resolved | Yes
SVM - Arbitrary File Read | APP-2788 | Resolved | Yes

