Ixia ATI Update 2016-24 (290665)

Defects Resolved

Ticket: Info
DE6936 (1422336): The Diameter "Generic Command" action now properly supports the use of tokens in the "Command Code" field.
DE6966: The Chargen application protocol now changes the destination port when one is specified in the Super Flow.
DE6986 (1423682): The "NGFW Enterprise Perimeter Traffic Mix 2016" application profile has been updated to use the latest Gmail Classic Super Flow.
DE6995: Resolves an issue in which the "Angler EK" Super Flow generates a system error. The behavior of the Super Flow has not changed.

Enhancements

Ticket: Info
US59002: The Application Profiles called "BreakingPoint Application Protocols A-M" and "BreakingPoint Application Protocols N-Z" have been deprecated. After this and subsequent ATI updates they will no longer appear in the Application Profile Manager, but will still be usable in tests that contain them. They will also continue to be updated.
US59107: The SNMPv2c application can now send messages larger than 128 bytes.

New Protocols & Applications (3)

Name (Category): Info
The_Weather_Channel Nov 16 (Mobile): The Weather Channel (TWC) is an application which broadcasts weather forecasts as well as weather-related news stories. This simulation is of an iPhone user browsing the various items on and off the main page. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Yammer Nov 16 (Social Networking/Search): Yammer, Inc. is a freemium enterprise social network service that was launched in 2008 and sold to Microsoft in 2012. Yammer is used for private communication within organizations and is an example of enterprise social software. Access to a Yammer network is determined by a user's Internet domain so that only individuals with appropriate email addresses may join their respective networks. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Microsoft Azure Nov16 (System/Network Admin): Microsoft Azure is a cloud computing platform and infrastructure created by Microsoft for building, deploying, and managing applications and services through a global network of Microsoft-managed data centers. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Super Flows (11)

Name (Category): Info
Amazon Video Bandwidth (Voice/Video/Media): Emulates the use of Amazon Video as of March 2016. The user loads the sign-in page, signs in, views their watchlist and selects and plays a video. Playback is paused and restarted and later it is terminated and the user logs out. The parameters here are set for high bandwidth that could be used in Sandvine profiles.
DDoS SSL Key Exchange Flood (Secure Data Transfer): This attack sends a flood of SSL initial key exchange messages. Since the server has to compute the initial key exchange message, its CPU usage will rise.
DDoS SSL HTTP Post Flood (Security): Sends a large amount of data via the HTTP POST method over SSL. Consumes CPU and memory resources on the target as it decrypts the contents.
DDoS QoTD Reflection Flood (System/Network Admin): The QoTD flood sends a flood of UDP datagrams targeted at a server. It is a reflection attack caused by forged messages sent to a listening "Quote of the Day" server.
DDoS SNMPv2 Bulk Response Flood (System/Network Admin): The SNMP Bulk Response flood sends a flood of UDP datagrams targeted at a server. It is a reflection attack caused by a forged GetBulk request requesting common OIDs repeatedly.
DDoS UDP Chargen Reply Flood (System/Network Admin): This attack leverages the Chargen service to send a large amount of reflected traffic at a victim. Chargen is a service that simply sends out a string of characters for the purposes of basic troubleshooting.
The Weather Channel Nov. 2016 (Mobile): Simulation of an iPhone user browsing The Weather Channel (TWC) main page and detail pages for the hourly weather as well as the weather for the next 15 days. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Yammer Nov. 2016 (Social Networking/Search): Yammer is an enterprise social network service. It is used for private communication within organizations and is an example of enterprise social software. In this emulation the user has already signed in using her email address, which has determined the Yammer network she has access to. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Microsoft Azure (System/Network Admin): Traffic that simulates signing up with Microsoft Azure, navigating the platform and creating a simple web app. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Microsoft Azure Create App (System/Network Admin): Traffic that simulates navigating through the Microsoft Azure platform and creating a simple web app. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Microsoft Azure Sign Up (System/Network Admin): Traffic that simulates signing up with Microsoft Azure. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Application Profiles (1)

Name: Info
Top Five Streaming Apps 2016: This traffic mix represents five of the most popular streaming applications in 2016.

New DDoS (5)

Name: Info
DDoS SSL Key Exchange Flood: This attack sends a flood of SSL initial key exchange messages. Since the server has to compute the initial key exchange message, its CPU usage will rise.
DDoS SNMPv2 Bulk Response Flood: The SNMP Bulk Response flood sends a flood of UDP datagrams targeted at a server. It is a reflection attack caused by a forged GetBulk request requesting common OIDs repeatedly.
DDoS UDP Chargen Reply Flood: This attack leverages the Chargen service to send a large amount of reflected traffic at a victim. Chargen is a service that simply sends out a string of characters for the purposes of basic troubleshooting.
DDoS QoTD Reflection Flood: The QoTD flood sends a flood of UDP datagrams targeted at a server. It is a reflection attack caused by forged messages sent to a listening "Quote of the Day" server.
DDoS SSL HTTP Post Flood: Sends a large amount of data via the HTTP POST method over SSL. Consumes CPU and memory resources on the target as it decrypts the contents.

New Strikes (10)

Each strike is listed as ID (CVSS score, Category) with its references, followed by its description.
E15-5es01 (CVSS 10.0, Exploits). References: APSB-15-16, BID-75590, CVE-2015-3124, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), GOOGLE-349
Info: This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a use-after-free in display list handling. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash process.
E15-5eq01 (CVSS 10.0, Exploits). References: APSB-15-16, BID-75595, CVE-2015-3122, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), GOOGLE-344
Info: This strike exploits a remote code execution vulnerability in Adobe Flash Player. A type confusion occurs when the SharedObject destructor sets data to a normal type. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash process.
E15-5eo01 (CVSS 10.0, Exploits). References: APSB-15-16, BID-75595, CVE-2015-3120, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), GOOGLE-337
Info: This strike exploits a remote code execution vulnerability in Adobe Flash Player. The type confusion occurs when the FileReferenceList.browse function attempts to add the files to the fileList object. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash process.
E15-5em01 (CVSS 10.0, Exploits). References: APSB-15-16, BID-75590, CVE-2015-3118, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), GOOGLE-342
Info: This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a use-after-free in the TextFilter.filters array. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash process.
E16-0f601 (CVSS 9.7, Exploits). References: CVSS-9.7 (AV:N/AC:L/AU:N/C:C/I:C/A:P), EXPLOITDB-40693, MSF-MODULES/EXPLOIT/WINDOWS/FTP/WINAXE_SERVER_READY
Info: This strike exploits a flaw in the WinAxe FTP client v7.7 that allows a malicious server to send an overly long string in its command responses. This can result in either a denial of service condition or remote code execution in the context of the currently logged-on user, allowing for complete compromise of the remote system.
E16-5m201 (CVSS 9.3, Exploits). References: BID-93426, CVE-2016-3386, CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C), EXPLOITDB-40605, MS16-119
Info: This strike exploits a vulnerability in Microsoft Edge. Specifically, if the spread operator is used on an array, CallSpreadFunction calls spreadArgs in an attempt to split each element into objects. If the length of this array is altered while a different object maintains a reference to it, the spread operator does not update to the new length. An attacker can craft JavaScript that causes memory corruption, resulting in a denial of service in the browser and potentially leading to remote code execution.
E16-73l02 (CVSS 8.5, Exploits). References: BID-93284, CVE-2016-5313, CVSS-8.5 (AV:N/AC:M/AU:S/C:C/I:C/A:C), SECURITYTRACKER-1036973, URL
Info: This strike exploits a command execution vulnerability in Symantec Web Gateway. Authenticated requests to the URI /spywall/new_whitelist.php are used to create whitelists. The parameter white_ip is not validated if the sid parameter is non-zero. The value of white_ip is later used in a shell command, so an authenticated attacker could send specially crafted HTTP messages to achieve arbitrary command execution with administrative privileges.
D16-55401 (CVSS 7.8, Denial). References: BID-93188, CVE-2016-2776, CVSS-7.8 (AV:N/AC:L/AU:N/C:N/I:N/A:C), SECURITYTRACKER-1036903, URL
Info: This strike exploits a denial of service vulnerability in ISC BIND. If a DNS response contains a TSIG RR of a certain length in the Options Response Records section, BIND will encounter an assertion failure when attempting to process the packet. This causes the named process to terminate abnormally and leads to a denial of service condition.
E16-8l401 (CVSS 7.6, Exploits). References: BID-94046, CVE-2016-7240, CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C), GOOGLE-948, MS16-129
Info: This strike exploits a vulnerability in Microsoft Edge. Specifically, if an eval function is called from a Proxy object, the EntryEvalHelper function does not properly verify the internal arguments, and they are converted to objects of a different type. This creates a type confusion vulnerability. An attacker can craft JavaScript that causes memory corruption, resulting in a denial of service in the browser and potentially leading to remote code execution.
E16-90n01 (CVSS 7.5, Exploits). References: BID-93264, CVE-2016-7799, CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), URL
Info: This strike exploits an out-of-bounds array-indexing vulnerability in ImageMagick. When processing TIFF headers, typically found in JPEG or TIFF files, the Data Type Flag value is incorrectly checked as a signed value. Negative values erroneously pass the check and are later interpreted as very large unsigned values. These values are then used to index an array, leading to an out-of-bounds array-indexing condition. By enticing a user to process a specially crafted image, or by uploading one to a server which automatically processes images, an attacker could cause arbitrary code to be executed.