Ixia ATI Update 2016-14 (273585)

Defects Resolved

Ticket Info
DE6264 (INF1404233) Replaced the incorrect strike strikes/generic/ixia/symantec_client_firewall_denial_of_service_sack_attack.xml with the correctly implemented /strikes/denial/tcp/cve_2004_0375_symantec_firewall_freeze.xml.
DE6276 (1404420) The SAP flow now allows configuration of the source and destination port.
DE6317 Updated the smart strike lists, changing -malware to -path:strikes/malware in order to filter the returned strike results more accurately. The following lists were changed: Microsoft Strikes, Critical Strikes, Important Strikes, and all Strike Level 1, 2 and 3 lists for the years 2010-2016.

Enhancements

Ticket Info
US8118 (21831) The Diameter flow has been updated to better support tokens in the following settings: "Inband-Security-Id", "Termination Cause", "Result Code", "Origin State Id", "CC Request Type" and "CC Request Number". Please note that the chosen token(s) must produce a value that is consistent with the Diameter specification. More information can be found in RFC 6733 and in the Token Substitution section of the product help.
US48203 Added Sandvine 2016 June North America Fixed/Mobile and Latin America Fixed/Mobile application profiles, as per the 2016 Global Internet Phenomena Report.
US48643 When a Conditional Request match/nomatch does not have an associated action(s), the implicit behavior is to advance to the next action in the Super Flow. This update makes that implicit behavior explicit by adding actions to configured match/nomatch blocks that did not have an associated action(s). As such, each of the following Super Flows has been updated so that every match and mismatch in its Conditional Request actions has a corresponding action. The list of updated Super Flows is as follows: ClientSim Rlogin, ClientSim RTSP, ClientSim SMTP, ClientSim SMTP (Authenticated), ClientSim SNMPv1, ClientSim STUN, ClientSim SunRPC BIND, ClientSim Telnet, ClientSim Time, Confirmed Kill Load Balancer 2010-07-22 HTTP_Cookie, ClientSim Daytime, ClientSim Echo, ClientSim eDonkey, ClientSim Finger, ClientSim Gopher, ClientSim H.225 RAS, ClientSim HTTP, ClientSim Ident. Additionally, many mismatch scenarios have been updated to explicitly fail when a match or mismatch would indicate a failure scenario. For example, the "ClientSim HTTP" Super Flow will fail if an HTTP 400-409 response code is returned by the server.

New Protocols & Applications (2)

Name Category Info
Baidutieba Jun16 Social Networking/Search Emulates the use of the BaiduTieba website as of June 2016. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Google Keep Jun16 Storage Google Keep is a note taking application developed by Google. It is available as a mobile app for the Android and iOS mobile operating systems and as a web application. This flow simulates the web application. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Super Flows (6)

Name Category Info
Baidu Tieba Jun 16 Access a Tieba Social Networking/Search Emulates the use of the Baidu Tieba website as of June 2016. It emulates accessing the Baidu Tieba homepage, opening the login tab, logging in, accessing a tieba and then logging out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Baidu Tieba Jun 16 Login and Logout Social Networking/Search Emulates the use of the Baidu Tieba website as of June 2016. It emulates accessing the Baidu Tieba homepage, opening the login tab, logging in and then logging out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Baidu Tieba Jun 16 Post a Thread Social Networking/Search Emulates the use of the Baidu Tieba website as of June 2016. It emulates accessing the Baidu Tieba homepage, opening the login tab, logging in, accessing a tieba, posting a thread and then logging out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Google Keep Create and Edit Note Storage The user signs into his Google account and accesses Google Keep, creating, modifying and deleting notes and reminders. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Google Keep Install Browser Extension Storage The user signs into his Google account, installs the Google Keep extension for Chrome and saves a link. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Google Keep Share Note Storage The user signs into his Google account and accesses Google Keep, creating, copying and sharing a note with another user. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Application Profiles (4)

Name Info
Sandvine North America Fixed 2016 June Traffic emulating the mix of applications reported in the Sandvine Global Internet Phenomena Report June 2016 for North America Fixed Access.
Sandvine North America Mobile Access 2016 Jun Traffic emulating the mix of applications reported in the Sandvine Global Internet Phenomena Report June 2016 for North America Mobile Access.
Sandvine Latin America Fixed Access 2016 June Traffic emulating the mix of applications reported in the Sandvine Global Internet Phenomena Report June 2016 for Latin America Fixed Access.
Sandvine Latin America Mobile Access 2016 June Traffic emulating the mix of applications reported in the Sandvine Global Internet Phenomena Report June 2016 for Latin America Fixed Access.

New Strikes (9)

CVSS ID References Category Info
10.0 E16-3ns01 CVE-2016-0856
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
URL
Exploits This strike exploits a buffer overflow vulnerability in Advantech WebAccess. A specially crafted DCE/RPC request with OpNum 0x00 and FunctionId 0x00013C71 can overflow a buffer, which could lead to arbitrary code execution or abnormal termination of the WebAccess process.
10.0 E15-97g01 CVE-2015-8044
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
URL
Exploits This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a use-after-free of an object defined in a toString function. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash process.
10.0 E15-97f01 CVE-2015-8043
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
URL
Exploits This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to improper handling of the this pointer in MovieClip.beginGradientFill. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash process.
10.0 E15-38n01 BID-72283
CVE-2015-0311
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
EXPLOITDB-36360
URL
Exploits This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a use-after-free when handling the objects referenced by domainMemory. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash process.
10.0 B16-wvk01 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
URL
Backdoors This strike exploits a hard-coded credential vulnerability in Netis/Netcore routers. The vulnerability is due to UDP Port 53413 being externally accessible in combination with an unchangeable authentication string. An attacker could remotely send commands to be executed on the target system as root.
9.3 E15-8wk01 CVE-2015-7652
CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C)
URL
Exploits This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a use-after-free in the TextField gridFitType setter. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash process.
9.3 E16-5h601 CVE-2016-3210
CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C)
MS16-063
Exploits This strike exploits a use-after-free vulnerability in Microsoft Internet Explorer's JavaScript library. Specifically, when a TypedArray/ArrayBuffer object is created with any of the array constructors as a view and that object is then sent as an argument of a worker script message, a use-after-free condition can occur. This results in memory corruption and can lead to a denial of service or potentially remote code execution.
5.0 E16-6g101 BID-91278
CVE-2016-4465
CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)
URL
Exploits This strike exploits a denial of service vulnerability in Apache Struts. The URLValidator class improperly handles URLs containing many forward slash characters during validation, and the improper handling leads to resource exhaustion. An attacker can send a specially crafted HTTP request to a Struts application that accepts URLs as a parameter to exploit this vulnerability. Successful exploitation may result in a denial of service condition.
4.3 E16-6u301 CVE-2016-4971
CVSS-4.3 (AV:N/AC:M/AU:N/C:N/I:P/A:N)
URL
Exploits This strike exploits a file upload vulnerability in wget. The vulnerability is due to wget's lack of filename checking, which allows arbitrary file upload via an FTP redirect. By exploiting this vulnerability an attacker could upload arbitrary code to the target machine.