Ticket | Info |
---|---|
DE6791 | Altered strike cve_2016_2569_squid_vary_header_long_string_denial_of_service.xml to support source NAT configurations. |
DE7259 (1430303) | Fixed a desynchronization between client and server in FileTransfer strikes when the Ignore HTTP Headers evasion profile option is set. |
DE7419 (1433725) | Updated the destination port of the DCE RPC Endpoint Mapper flow to 135 (instead of 111). 135 is the port the DCE RPC endpoint mapper actually listens on; 111 is the ONC RPC portmapper, so the flow previously targeted the wrong service. |
DE7442 | The '3GPP LI Handover' and '3GPP LI Handover (Lawful Intercept)' Super Flows have been modified to remove extra segments which could appear in their flows. |
DE7452 | A change has been made to the HTTP application such that some tests that use the default Client Profile setting may now return a different random profile. This can result in differences in headers and header values (User-Agent, ...). |
DE7459 | Changed the X-Forwarded-For header in the attack to be a random IP address. |
DE7352 | The expired certificate used for SSL has been replaced with a new, valid certificate. |
Ticket | Info |
---|---|
US55265 | Added a new option to the SSL Evasion Group: Security Protocol. It selects the protocol version used to send data. The options are TLS1.2 (default), TLS1.1, TLS1 and SSLv3 (the previous default). |
US64260 | Update Default SSL Strikes list with new strikes that had the default_over_ssl keyword added to their metadata. |
Name | Category | Info |
---|---|---|
Appogee Leave Mar17 | Enterprise Applications | Appogee HR is a cloud solution provider offering software-as-a-service applications. Appogee Leave is their online absence management system for tracking PTO, vacation and other staff absences. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
Name | Category | Info |
---|---|---|
Appogee Quick Calendar Review | Enterprise Applications | Appogee Leave is an online absence management system for tracking PTO, vacation and other staff absences. In this simulation a user logs in, checks the leave calendar and then logs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
Appogee Team Manager Access | Enterprise Applications | Appogee Leave is an online absence management system for tracking PTO, vacation and other staff absences. In this simulation a team manager logs in, requests a day off and then views information about their team before logging out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
CVSS | ID | References | Category | Info |
---|---|---|---|---|
10.0 | E17-tejn1 | CVE-2017-6343 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) URL | Exploits | This strike extracts the username and password from Dahua brand IP cameras. The password is retrieved from known static paths on the device; the URL depends on the model generation. |
10.0 | E17-5b001 | APSB-17-04 BID-96190 CVE-2017-2988 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) GOOGLE-1013 | Exploits | This strike exploits a command execution vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA). |
7.8 | D17-0fux1 | CVE-2017-5945 CVSS-7.8 (AV:N/AC:L/AU:N/C:N/I:N/A:C) SECURITYTRACKER-1037688 URL | Denial | This strike exploits a denial of service vulnerability in Quagga VTY. The vulnerability is due to a lack of input validation on user-supplied data. By sending a large amount of data to the Quagga VTY, an unauthenticated attacker could trigger a denial-of-service condition. |
7.6 | E17-31z01 | BID-96681 CVE-2017-0071 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) GOOGLE-1045 MS17-007 | Exploits | This strike exploits a vulnerability in the Chakra.dll component of Microsoft Edge. Specifically, the vulnerability lies in the ProfiledLdElem function of JS::ProfilingHelpers. An attacker can craft JavaScript that causes a JavascriptArray object to be processed as a JavascriptNativeArray or JavascriptFloatArray, which leads to type confusion. A successful attack may cause a denial of service condition in the browser or lead to remote code execution. |
7.6 | E17-30a01 | BID-96059 CVE-2017-0010 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) MS17-007 | Exploits | This strike exploits a vulnerability in Microsoft Edge. Specifically, the vulnerability lies in the CheckModuleReturn function of AsmJSCompiler. Due to improper validation, when experimental JavaScript features are enabled in Edge and AsmJSCompiler::CheckModuleReturn is called on a NULL object, memory can be corrupted. This may result in a denial of service condition in the browser or potentially lead to remote code execution. |
5.0 | D16-30001 | CVE-2016-10159 CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P) URL | Denial | This strike causes a denial of service in PHP due to an integer overflow when parsing a phar file. The flaw is in the bounds check for the filename length field embedded in the manifest. A malicious file can cause a PHP server to crash. |
4.3 | E17-4tl01 | BID-95723 CVE-2017-2361 CVSS-4.3 (AV:N/AC:M/AU:N/C:P/I:N/A:N) GOOGLE-1040 | Exploits | This strike exploits a vulnerability in macOS HelpViewer. Specifically, HelpViewer's WebView has a protocol handler, x-help-script, that can be used to access a local file via path traversal. An attacker can craft JavaScript that issues an XMLHttpRequest to open this local file. This strike demonstrates this by opening one of the following apps (Calculator, Messages, Preview or Notes) when the HTML is loaded from a remote server by a vulnerable version of macOS. |
4.3 | E17-31t01 | BID-96648 CVE-2017-0065 CVSS-4.3 (AV:N/AC:M/AU:N/C:P/I:N/A:N) MS17-007 | Exploits | This strike exploits an information disclosure vulnerability in Microsoft Edge. Specifically, the vulnerability lies in the _LoadRMHTML function of CReadingModeViewerEdge. Through the read URI scheme, a remote attacker can determine whether or not a file exists on the target system. |
4.3 | E17-30801 | BID-96073 CVE-2017-0008 CVSS-4.3 (AV:N/AC:M/AU:N/C:P/I:N/A:N) MS17-006 | Exploits | This strike exploits an information disclosure vulnerability in Microsoft Internet Explorer. Specifically, the vulnerability lies in the DoParseAndBind function of MSHTML!CResProtocol. An attacker can write JavaScript that uses an onreadystatechange event handler to count how many times a loading event fires, and from that determine whether a portable executable exists on the target's local filesystem. This strike demonstrates this by checking a static list of PE files that may or may not exist and sending the results back to the attacker. |
4.0 | E17-0j001 | CVSS-4.0 (AV:N/AC:L/AU:S/C:P/I:N/A:N) URL ZDI-17-077 | Exploits | This strike exploits an information disclosure vulnerability in Trend Micro Control Manager. The vulnerability is due to improper checks of user-supplied input before executing an XML query. An authenticated attacker can leverage this vulnerability to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. NOTE: By default the vulnerable services are accessed over an SSL connection (port 443). |
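The PHP phar strike in the table above (D16-30001, CVE-2016-10159) is described as an integer overflow in the bounds check for the filename length field. The following is an added example, not code from this page or from PHP, that reconstructs that bug class: a truncated-entry check that adds an attacker-controlled 32-bit length to the cursor and compares the sum, beside the hardened form that compares the length against the space that is provably left. The manifest layout (a 4-byte little-endian length, the filename, then 20 bytes of fixed fields), the function names and the two sample entries are all assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Illustrative reconstruction of the phar "truncated manifest entry" check.
 * ASSUMED simplified entry layout: 4-byte LE filename_len, the filename
 * bytes, then ENTRY_TRAILER bytes of fixed-size fields. Not PHP's code.
 */
#define ENTRY_TRAILER 20u   /* assumed size of the fixed fields after the name */

static uint32_t rd32le(const uint8_t *buf, uint32_t off) {
    return (uint32_t)buf[off] | ((uint32_t)buf[off + 1] << 8) |
           ((uint32_t)buf[off + 2] << 16) | ((uint32_t)buf[off + 3] << 24);
}

/* Vulnerable form: the untrusted length is added to the cursor and the sum
 * is compared against the buffer end. With 32-bit arithmetic (a 32-bit build,
 * or a 32-bit field added to a pointer) a huge filename_len wraps the sum to
 * a small value, the entry is accepted, and the parser reads past the end. */
int entry_ok_vulnerable(const uint8_t *buf, uint32_t buf_len, uint32_t off) {
    if (buf_len < 4u || off > buf_len - 4u) return 0;   /* need the length field */
    uint32_t name_len = rd32le(buf, off);
    uint32_t end = off + 4u + name_len + ENTRY_TRAILER;  /* can wrap */
    return end <= buf_len;
}

/* Fixed form: never add the untrusted length; compare it against the bytes
 * that remain after the length field. No sum, so nothing can wrap. */
int entry_ok_fixed(const uint8_t *buf, uint32_t buf_len, uint32_t off) {
    if (buf_len < 4u || off > buf_len - 4u) return 0;
    uint32_t name_len = rd32le(buf, off);
    uint32_t remaining = buf_len - (off + 4u);          /* bytes after the field */
    if (remaining < ENTRY_TRAILER) return 0;
    return name_len <= remaining - ENTRY_TRAILER;
}

/* Constructed sample entries (not real phar data). */
const uint8_t benign_entry[] = {
    0x08, 0x00, 0x00, 0x00,                       /* filename_len = 8 */
    'i', 'n', 'd', 'e', 'x', '.', 'p', 'h',       /* 8 filename bytes */
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0   /* 20 bytes of fixed fields */
};
const uint8_t hostile_entry[] = {
    0xF0, 0xFF, 0xFF, 0xFF,                       /* filename_len = 0xFFFFFFF0 */
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0   /* only 20 bytes follow */
};
const uint32_t benign_len  = (uint32_t)sizeof benign_entry;   /* 32 */
const uint32_t hostile_len = (uint32_t)sizeof hostile_entry;  /* 24 */

int main(void) {
    /* Benign entry: both checks accept. Hostile entry: 4 + 0xFFFFFFF0 + 20
     * wraps to 8, so the vulnerable check accepts it; the fixed check rejects. */
    printf("benign : vulnerable=%d fixed=%d\n",
           entry_ok_vulnerable(benign_entry, benign_len, 0),
           entry_ok_fixed(benign_entry, benign_len, 0));
    printf("hostile: vulnerable=%d fixed=%d\n",
           entry_ok_vulnerable(hostile_entry, hostile_len, 0),
           entry_ok_fixed(hostile_entry, hostile_len, 0));
    return 0;
}
```

The pattern to look for when reviewing any binary parser is `cursor + untrusted_len > end`; the robust form is `untrusted_len > end - cursor - fixed_fields`, with the subtraction itself guarded so it cannot go negative.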
CVSS | ID | References | Category | Info |
---|---|---|---|---|
9.3 | R16-d0a01 | CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) EXPLOITDB-40273 | Recon | Update Default SSL Strikes list with new strikes that had the default_over_ssl keyword added to their metadata. |
9.3 | R16-24401 | CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) EXPLOITDB-40272 | Recon | Update Default SSL Strikes list with new strikes that had the default_over_ssl keyword added to their metadata. |
9.3 | E16-31v01 | CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) EXPLOITDB-40273 | Exploits | Update Default SSL Strikes list with new strikes that had the default_over_ssl keyword added to their metadata. |
9.3 | E16-r9m01 | CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) EXPLOITDB-40272 | Exploits | Update Default SSL Strikes list with new strikes that had the default_over_ssl keyword added to their metadata. |
9.0 | E15-5ss01 | BID-77666 CVE-2015-3628 CVSS-9.0 (AV:N/AC:L/AU:S/C:C/I:C/A:C) EXPLOITDB-38764 SECURITYTRACKER-1034306 SECURITYTRACKER-1034307 URL | Exploits | Update Default SSL Strikes list with new strikes that had the default_over_ssl keyword added to their metadata. |
8.5 | E17-0f801 | CVSS-8.5 (AV:N/AC:M/AU:S/C:C/I:C/A:C) ZDI-17-122 ZDI-17-123 ZDI-17-124 | Exploits | Update Default SSL Strikes list with new strikes that had the default_over_ssl keyword added to their metadata. |
8.5 | E16-rfh01 | CVSS-8.5 (AV:N/AC:M/AU:S/C:C/I:C/A:C) SECURITYTRACKER-1035949 ZDI-16-348 | Exploits | Update Default SSL Strikes list with new strikes that had the default_over_ssl keyword added to their metadata. |
8.5 | E16-73l02 | BID-93284 CVE-2016-5313 CVSS-8.5 (AV:N/AC:M/AU:S/C:C/I:C/A:C) SECURITYTRACKER-1036973 URL | Exploits | Update Default SSL Strikes list with new strikes that had the default_over_ssl keyword added to their metadata. |
7.8 | E15-j9p01 | CVSS-7.8 (AV:N/AC:L/AU:N/C:C/I:N/A:N) EXPLOITDB-38090 URL | Exploits | Update Default SSL Strikes list with new strikes that had the default_over_ssl keyword added to their metadata. |
6.8 | E17-0e7z1 | BID-95737 CVE-2017-3823 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) GOOGLE-1096 URL | Exploits | Update Default SSL Strikes list with new strikes that had the default_over_ssl keyword added to their metadata. |
6.5 | E16-7u201 | CVE-2016-6266 CVSS-6.5 (AV:N/AC:L/AU:S/C:P/I:P/A:P) URL | Exploits | Update Default SSL Strikes list with new strikes that had the default_over_ssl keyword added to their metadata. |
5.0 | D16-4zd01 | BID-83406 CVE-2016-2569 CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P) SECURITYTRACKER-1035101 URL | Denial | |