Ixia ATI Update 2016-20 (284191)

Defects Resolved

DE6643: All HTTP Server Response messages no longer include a Host header by default. Any strike that has this header specifically set to a certain value will remain unchanged. With these changes, strikes with IDs E13-22h01, E14-3gu01 and E14-3rj01 have also had their Host header removed.
DE6652: Updated the descriptions of the Super Flows 'RTMP Audio Data 127K' and 'RTMP Audio Data 1K'.
DE6663 (1415297): Updated the description of the MaxTimeoutPerStrike parameter in the Evasion Profile user interface to specify the unit of measurement.

Enhancements

US38679 (1379801): Added a new canned test and component for an ICMP fragment flooding Denial of Service attack. The attack also appears in the DDoS testing lab.
US48954: DNS Cookie support was added based on RFC 7873. The client sends a request to the server that contains either only a Client Cookie or both a Client Cookie and a Server Cookie. If the server receives a request with only a Client Cookie, it responds with a copy of the Client Cookie and generates a valid Server Cookie; if the server receives a request with both a Client Cookie and a Server Cookie, it responds with a copy of the complete COOKIE option from the request. In this update two new parameters were added to the "DNS" protocol: "Client DNS Cookie Option" and "Server DNS Cookie Option". Two new Super Flows use the new parameters.
US53064: Five new application profiles have been added. Each emulates traffic for one of the protocol mixes described in a 2016 Next Generation Firewall Test Methodology report.
US53976: Three new Super Flows have been added; they generate UDP fragmented DNS responses. The help text for the "Number of Answers" parameter in the DNS Response action has been updated: the parameter now specifies the number of DNSKEY answers a response can contain.
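The COOKIE option exchange described under US48954, as an added example that is not Ixia's code or part of this update: it encodes and parses the EDNS0 COOKIE option of RFC 7873 (OPTION-CODE 10, 8-octet Client Cookie, 8 to 32 octet Server Cookie) and models the two server cases from the text (Client Cookie only; Client Cookie plus Server Cookie). The HMAC-based Server Cookie derivation, the SERVER_SECRET value and the client address 192.0.2.10 are constructed assumptions; RFC 7873 leaves the derivation to the implementation. The example goes one step beyond the update text in that a Server Cookie which does not verify is handled like a request carrying only a Client Cookie, which is what RFC 7873 section 5.2.4 prescribes.

```python
# Added example (not Ixia's code): a minimal model of the EDNS0 COOKIE option
# (RFC 7873, OPTION-CODE 10) and of the server behaviour described above.
import hashlib
import hmac
import struct

COOKIE_OPTION_CODE = 10      # EDNS0 OPTION-CODE assigned to COOKIE (RFC 7873)
CLIENT_COOKIE_LEN = 8        # Client Cookie is always 8 octets
SERVER_COOKIE_MIN = 8        # Server Cookie is 8 to 32 octets
SERVER_COOKIE_MAX = 32

# Constructed secret for the demo; a real server keeps this private and rotates it.
SERVER_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")


def encode_cookie_option(client_cookie: bytes, server_cookie: bytes = b"") -> bytes:
    """Serialise OPTION-CODE | OPTION-LENGTH | OPTION-DATA for one COOKIE option."""
    data = client_cookie + server_cookie
    return struct.pack("!HH", COOKIE_OPTION_CODE, len(data)) + data


def decode_cookie_option(option: bytes) -> tuple:
    """Split a COOKIE option into (client_cookie, server_cookie).

    Raises ValueError for the malformed lengths that RFC 7873 tells a server
    to answer with FORMERR (anything other than 8 or 16..40 octets of data).
    """
    if len(option) < 4:
        raise ValueError("truncated option header")
    code, length = struct.unpack("!HH", option[:4])
    if code != COOKIE_OPTION_CODE:
        raise ValueError("not a COOKIE option (code %d)" % code)
    data = option[4:4 + length]
    if len(data) != length:
        raise ValueError("OPTION-LENGTH larger than remaining data")
    if length == CLIENT_COOKIE_LEN:
        return data, b""
    if CLIENT_COOKIE_LEN + SERVER_COOKIE_MIN <= length <= CLIENT_COOKIE_LEN + SERVER_COOKIE_MAX:
        return data[:CLIENT_COOKIE_LEN], data[CLIENT_COOKIE_LEN:]
    raise ValueError("FORMERR: COOKIE option length %d is invalid" % length)


def is_well_formed(option: bytes) -> bool:
    """True when the option parses without hitting a FORMERR condition."""
    try:
        decode_cookie_option(option)
        return True
    except ValueError:
        return False


def make_server_cookie(client_cookie: bytes, client_ip: str,
                       secret: bytes = SERVER_SECRET) -> bytes:
    """Derive an 8-octet Server Cookie.

    Assumption: HMAC-SHA256 over Client Cookie and client address, truncated.
    The property that matters is that a client cannot forge it without the secret.
    """
    mac = hmac.new(secret, client_cookie + client_ip.encode("ascii"), hashlib.sha256).digest()
    return mac[:SERVER_COOKIE_MIN]


def server_respond(request_option: bytes, client_ip: str) -> bytes:
    """Return the COOKIE option the server places in its response.

    Case 1 (Client Cookie only): echo the Client Cookie and add a Server Cookie.
    Case 2 (both cookies, Server Cookie verifies): copy the complete option back.
    A Server Cookie that does not verify is treated as case 1 (RFC 7873 5.2.4).
    """
    client_cookie, server_cookie = decode_cookie_option(request_option)
    expected = make_server_cookie(client_cookie, client_ip)
    if server_cookie and hmac.compare_digest(server_cookie, expected):
        return encode_cookie_option(client_cookie, server_cookie)
    return encode_cookie_option(client_cookie, expected)


def two_step_exchange(client_cookie: bytes, client_ip: str) -> bytes:
    """Model the two Super Flows: the first request carries only the Client
    Cookie; the Server Cookie learned from the reply is sent in the second."""
    first = server_respond(encode_cookie_option(client_cookie), client_ip)
    _, learned = decode_cookie_option(first)
    return server_respond(encode_cookie_option(client_cookie, learned), client_ip)


if __name__ == "__main__":
    cc = bytes(range(8))                       # constructed Client Cookie
    print(two_step_exchange(cc, "192.0.2.10").hex())
```

The length check in decode_cookie_option is the part worth keeping in mind when a device under test is fed these flows: a COOKIE option of 12 octets, or one whose OPTION-LENGTH runs past the packet, should produce FORMERR rather than a cookie, and a Server Cookie the server did not issue must not earn the client any rate-limit exemption.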

New Protocols & Applications (2)

Google Cloud Storage Sep16 (Storage): Google Cloud Storage is a RESTful online file storage web service for storing and accessing data on Google's infrastructure. The service combines the performance and scalability of Google's cloud with advanced security and sharing capabilities. It is an Infrastructure as a Service (IaaS) offering comparable to the Amazon S3 online storage service. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
YouTube Music Sep16 (Mobile): YouTube Music is the Android version of YouTube, a video-sharing website headquartered in San Bruno, California, United States, that lets you watch and listen to a nearly endless catalog of music. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Super Flows (12)

DNS Cookie Known Server Cookie (Distributed Computing): Simulates a DNS record lookup. The DNS request contains a Client Cookie and a valid Server Cookie. The server responds by copying the complete COOKIE option from the request.
DNS Cookie Unknown Server Cookie (Distributed Computing): Simulates a DNS record lookup. The DNS request contains only a Client Cookie. The server response contains both the Client Cookie copied from the request and a Server Cookie it has generated.
Google Cloud Storage (Storage): Traffic that simulates the registration process and going through the Google Cloud Storage tutorial.
Google Cloud Storage Registration (Storage): Traffic that simulates the Google Cloud Storage registration process.
Google Cloud Storage Tutorial (Storage): Traffic that simulates going through the Google Cloud Storage tutorial.
YouTube Music (Mobile): YouTube Music is the Android version of the video-sharing website YouTube. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
YouTube Music Play Another Video (Mobile): Traffic that simulates searching for and playing a video. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
YouTube Music Play Video (Mobile): Traffic that simulates playing a video and rating it. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
YouTube Music Record and Upload Video (Mobile): Traffic that simulates recording a video and uploading it to YouTube. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
DDoS DNS Fragmented Reflection Flood (ANY Record) (Security): The attack is configured to send a large response from the DNS server to the client. The response is large enough to create a fragmented UDP datagram. The record type is set to ANY, so a mix of record types is returned in the response.
DDoS DNS Fragmented Reflection Flood (DNSSEC Record) (Security): The attack is configured to send a large response from the DNS server to the client. The response is large enough to cause a fragmented UDP datagram. The record type is set to DNSKEY. The response consists of DNSKEY records along with their RRSIGs.
DDoS DNS Fragmented Reflection Flood (TXT Record) (Security): The attack is configured to send a large response from the DNS server to the client. The response is large enough to cause a fragmented UDP datagram. The record type is set to TXT. The response is a set of TXT answers.

New Application Profiles (5)

NGFW Enterprise Perimeter Traffic Mix 2016: Traffic emulating the enterprise perimeter protocol mix described in a 2016 Next Generation Firewall Test Methodology report.
NGFW Financial Traffic Mix 2016: Traffic emulating the financial protocol mix described in a 2016 Next Generation Firewall Test Methodology report.
NGFW US Mobile Carrier Traffic Mix 2016: Traffic emulating the US mobile carrier protocol mix described in a 2016 Next Generation Firewall Test Methodology report.
NGFW European Mobile Carrier Traffic Mix 2016: Traffic emulating the European mobile carrier protocol mix described in a 2016 Next Generation Firewall Test Methodology report.
NGFW Internal Segmentation Traffic Mix 2016: Traffic emulating the internal segmentation protocol mix described in a 2016 Next Generation Firewall Test Methodology report.

New Strikes (8)

E16-66d01 (CVSS 10.0, Exploits)
  References: APSB-16-02, BID-90505, CVE-2016-4117, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), URL
  This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to an out-of-bounds memory access in the DeleteRangeTimelineOperation class. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash process.
E15-9ho01 (CVSS 10.0, Exploits)
  References: APSB-15-32, BID-78715, CVE-2015-8412, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), EXPLOITDB-39042, GOOGLE-591, SECURITYTRACKER-1034318
  This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a use after free in MovieClip.duplicateMovieClip. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash process.
E15-9hn01 (CVSS 10.0, Exploits)
  References: APSB-15-32, BID-78715, CVE-2015-8411, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), EXPLOITDB-39041, GOOGLE-592
  This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a use after free in MovieClip StartDrag. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash process.
E15-9hm01 (CVSS 10.0, Exploits)
  References: APSB-15-32, BID-78715, CVE-2015-8410, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), EXPLOITDB-39040, GOOGLE-593, SECURITYTRACKER-1034318
  This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a use after free in MovieClip.attachBitmap. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash process.
E15-38p01 (CVSS 10.0, Exploits)
  References: APSB-15-02, BID-72429, CVE-2015-0313, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), EXPLOITDB-39041, SECURITYTRACKER-1031686
  This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a use after free in the DomainMemory Clear method. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash process.
E16-aoz01 (CVSS 7.5, Exploits)
  References: CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), EXPLOITDB-40312
  This strike exploits a SQL injection vulnerability in FreePBX. HTTP requests to /admin/config.php are not sanitized for SQL injection characters. A specially crafted HTTP request with a SQL injection in the display parameter can be used to achieve arbitrary SQL statement execution, which can lead to arbitrary code execution with the privileges of the mysql user.
E16-5jl02 (CVSS 6.8, Exploits)
  References: CVE-2016-3297, CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P), MS16-104
  This strike exploits a use after free vulnerability in the Microsoft Internet Explorer and Edge browsers. Specifically, if a font element's lang attribute is set to a string and its node value is then set to null, the string is freed. A later reference to this lang attribute results in a use after free condition. An attacker can use this attack to disclose memory contents, which can potentially lead to an ASLR bypass.
E16-5kd01 (CVSS 2.6, Exploits)
  References: CVE-2016-3325, CVSS-2.6 (AV:N/AC:H/AU:N/C:P/I:N/A:N), MS16-104
  This strike exploits an information disclosure vulnerability in Microsoft Internet Explorer and Edge. An attacker can craft a malicious HTTP Continue response message and cause an out of bounds read condition in the victim's browser. This can potentially lead to an information disclosure.

Modified Strikes (3)

E14-3gu01 (CVSS 9.3, Exploits)
  References: BID-69156, CVE-2014-0606, CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C), URL
  All HTTP Server Response messages no longer include a Host header by default. Any strike that has this header specifically set to a certain value will remain unchanged. With these changes, strikes with IDs E13-22h01, E14-3gu01 and E14-3rj01 have also had their Host header removed.
E13-22h01 (CVSS 9.3, Exploits)
  References: BID-60971, CVE-2013-3027, CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C), URL
  All HTTP Server Response messages no longer include a Host header by default. Any strike that has this header specifically set to a certain value will remain unchanged. With these changes, strikes with IDs E13-22h01, E14-3gu01 and E14-3rj01 have also had their Host header removed.
E14-3rj01 (CVSS 6.8, Exploits)
  References: BID-69536, CVE-2014-0991, CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P), URL
  All HTTP Server Response messages no longer include a Host header by default. Any strike that has this header specifically set to a certain value will remain unchanged. With these changes, strikes with IDs E13-22h01, E14-3gu01 and E14-3rj01 have also had their Host header removed.