Ixia ATI Update 2017-13 (310798)

Defects Resolved

Ticket | Info
DE7902 (1445544) | Strike E07-1dl01 for CVE-2007-1785 was incorrectly using UDP instead of TCP and had an incorrect length header in the malicious payload. This has been corrected.
DE7925 | Fixed strike E17-0bdt1 (CVE-2017-0143) to send the SMB response from the server interface instead of the client interface.
DE7955 | Strike E17-7cm01 had its destination port changed from 8080 to 80; it now uses a random host name instead of the destination IP address in the HTTP Host header.

Enhancements

Ticket | Info
US20323 (1302061) | Added a new parameter, "Attachment Transfer-Encoding", for the POP3 (advanced) protocol, which allows the user to set the attachment encoding independently of the email body encoding.
US68123 | The Zalo May17 protocol has been updated with a new action and Super Flow that simulate Zalo's audio/video capabilities.

New Super Flows (1)

Name | Category | Info
Zalo Audio/Video Session | Voice/Video/Media | Zalo is an application for mobile devices that allows its users to send and receive messages, including photos, videos, and contact information. Zalo startup is simulated here, followed by an audio/video conversation with a peer. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may take a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host; delete the DNS host from the Super Flow to disable this feature.

New Application Profiles (1)

Name | Category | Info
Retail Chain Traffic Mix | Enterprise Applications | This Application Profile simulates a traffic mix commonly seen in retail companies.

New Test (1)

Name | Info
Retail Chain Traffic Mix via IPSec | This Test consists of a traffic mix commonly seen in retail companies, such as HTTPS, SSL, SMB and SMBv2, carried over IPSec.

New Strikes (6)

CVSS | ID | References | Category | Info
10.0 | E17-0frc1 | BID-98469, CVE-2017-5816, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) | Exploits | This strike exploits a command injection vulnerability in Hewlett Packard Enterprise (HPE) Intelligent Management Center (IMC). When a RestartDB command is issued, certain parameters are not properly validated or sanitized, so shell metacharacters can be injected into the command that is executed. An unauthenticated user can send a RestartDB command with a crafted dbInstance parameter to the target and potentially achieve remote code execution.
10.0 | E17-0c441 | BID-98615, CVE-2017-1092, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) | Exploits | This strike exploits a heap buffer overflow in IBM Informix Dynamic Server. The vulnerability is due to a lack of input validation of HTTP POST requests to index.php. It could allow an unauthorized user to execute arbitrary code as system admin on Windows servers.
7.5 | E17-0i5h1 | BID-98515, CVE-2017-8917, CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), EXPLOITDB-42033, SCIP-101448 | Exploits | This strike exploits an SQL injection vulnerability in Joomla! 3.7. The vulnerability is due to improper sanitization of requests sent to the application. An attacker could exploit this by sending specially crafted requests, potentially resulting in the execution of arbitrary SQL commands, which may lead to information disclosure, database corruption, denial of service and other effects.
5.0 | R17-aolx1 | CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N), MSF-MODULES/AUXILIARY/SCANNER/SMB/SMB_MS17_010.RB | Recon | This strike emulates the reconnaissance tool known as smbtouch. The tool attempts to determine whether or not Microsoft's MS17-010 patch for the leaked Equation Group SMB exploits is installed on the target system. It does this by connecting to the IPC$ tree and issuing a transaction (PeekNamedPipe) request with FID 0; if the response status is STATUS_INSUFF_SERVER_RESOURCES, the patch is not installed on the machine.
5.0 | D17-u2z51 | CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N) | Denial | This strike exploits a memory corruption vulnerability in the Microsoft WINS server. The vulnerability is due to the WINS server's inability to handle multiple simultaneous replication sessions. By sending multiple specific replication messages, an attacker can trigger a denial-of-service condition (100% CPU utilization or a process crash). NOTE: for testing OneArm mode, the client IP address must be set to the IP address of a previously configured replication partner.
4.0 | D17-m9dr1 | BID-98736, CVE-2017-9287, CVSS-4.0 (AV:N/AC:L/AU:S/C:N/I:N/A:P), SECURITYTRACKER-1038591 | Denial | This strike exploits a denial of service vulnerability in OpenLDAP. If the page size carried in a pagedResultsControl is set to zero, a double free occurs in slapd. Successful exploitation causes abnormal termination of the slapd process, leading to a denial of service condition.
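The MS17-010 touch emulated by strike R17-aolx1 above, as an added example (this is not Ixia's strike content nor the Metasploit module): it builds the SMB_COM_TRANSACTION request that carries a PeekNamedPipe on FID 0, and classifies the NT status in the server's reply. The tree ID and user ID are assumed to come from an earlier anonymous session setup and tree connect to IPC$, which this example does not perform; the Max*Count values and header flags are choices made for the example, and the replies used for the offline check are constructed.

```python
import struct

# NT status values (MS-ERREF) that the MS17-010 touch distinguishes
STATUS_INVALID_HANDLE          = 0xC0000008
STATUS_ACCESS_DENIED           = 0xC0000022
STATUS_INSUFF_SERVER_RESOURCES = 0xC0000205

SMB_COM_TRANSACTION = 0x25   # SMB1 "Trans" command
TRANS_PEEK_NMPIPE   = 0x23   # Trans subcommand: PeekNamedPipe


def nbss(payload: bytes) -> bytes:
    """Prepend the NetBIOS session service header (type 0x00, 3-byte big-endian length)."""
    return b'\x00' + len(payload).to_bytes(3, 'big') + payload


def smb1_header(command: int, tid: int, uid: int, mid: int,
                status: int = 0, flags: int = 0x18, flags2: int = 0x4001) -> bytes:
    """32-byte SMB1 header. flags2=0x4001 asks for NT status codes and keeps strings ASCII."""
    return (b'\xffSMB'
            + struct.pack('<BIBHH', command, status, flags, flags2, 0)  # Command, Status, Flags, Flags2, PIDHigh
            + b'\x00' * 8                                               # SecurityFeatures (zero: no signing)
            + b'\x00\x00'                                               # Reserved
            + struct.pack('<HHHH', tid, 0xFEFF, uid, mid))              # TID, PID, UID, MID


def build_peek_probe(tid: int, uid: int, mid: int = 1) -> bytes:
    """SMB_COM_TRANSACTION carrying PeekNamedPipe on FID 0, sent on an IPC$ tree.

    tid/uid are assumed to come from an earlier SessionSetup + TreeConnect to IPC$.
    The Max*Count values are arbitrary choices for this example.
    """
    setup = struct.pack('<HH', TRANS_PEEK_NMPIPE, 0x0000)   # subcommand, FID = 0
    name = b'\\PIPE\\\x00'
    # Parameter/Data offsets count from the start of the SMB header:
    # 32 header + 1 WordCount + 16 words * 2 + 2 ByteCount + name
    data_off = 32 + 1 + 16 * 2 + 2 + len(name)
    words = struct.pack('<HHHHBBHIHHHHHBB',
                        0, 0,             # TotalParameterCount, TotalDataCount
                        0xFFFF, 0xFFFF,   # MaxParameterCount, MaxDataCount
                        0, 0,             # MaxSetupCount, Reserved1
                        0, 0,             # Flags, Timeout
                        0,                # Reserved2
                        0, data_off,      # ParameterCount, ParameterOffset
                        0, data_off,      # DataCount, DataOffset
                        2, 0)             # SetupCount, Reserved3
    body = bytes([16]) + words + setup + struct.pack('<H', len(name)) + name
    return nbss(smb1_header(SMB_COM_TRANSACTION, tid, uid, mid) + body)


def classify_probe_response(raw: bytes) -> str:
    """Decide from the server's reply whether MS17-010 is installed.

    raw starts at the NetBIOS session header, exactly as read from the socket.
    """
    if len(raw) < 4 + 32 or raw[0] != 0x00 or raw[4:8] != b'\xffSMB':
        raise ValueError('not an SMB1 session message')
    if int.from_bytes(raw[1:4], 'big') != len(raw) - 4:
        raise ValueError('NetBIOS length does not match the payload')
    command = raw[8]
    status = struct.unpack_from('<I', raw, 9)[0]
    if command != SMB_COM_TRANSACTION:
        return 'unexpected'                     # not a reply to our Trans request
    if status == STATUS_INSUFF_SERVER_RESOURCES:
        return 'unpatched'                      # the smbtouch signal: MS17-010 missing
    if status in (STATUS_ACCESS_DENIED, STATUS_INVALID_HANDLE):
        return 'patched'                        # FID 0 is rejected once the fix is in
    return 'unknown'


def make_probe_response(status: int, tid: int = 0x0800, uid: int = 0x0800, mid: int = 1) -> bytes:
    """Constructed server reply (error response: WordCount 0, ByteCount 0) for offline testing."""
    hdr = smb1_header(SMB_COM_TRANSACTION, tid, uid, mid, status=status, flags=0x98)  # 0x80 = reply bit
    return nbss(hdr + b'\x00' + b'\x00\x00')


if __name__ == '__main__':
    probe = build_peek_probe(tid=0x0800, uid=0x0800)
    print(f'probe ({len(probe)} bytes): {probe.hex()}')
    for s in (STATUS_INSUFF_SERVER_RESOURCES, STATUS_INVALID_HANDLE, STATUS_ACCESS_DENIED):
        print(f'status 0x{s:08X} -> {classify_probe_response(make_probe_response(s))}')
```

Against a live host the probe bytes from build_peek_probe would be written to the TCP/445 socket only after Negotiate, an anonymous SessionSetup and a TreeConnect to \\host\IPC$, with the TID and UID taken from those replies; the reply is then passed unchanged to classify_probe_response. The classification treats STATUS_ACCESS_DENIED and STATUS_INVALID_HANDLE as "patched" because both reject the FID 0 handle, while an unpatched host answers the PeekNamedPipe with STATUS_INSUFF_SERVER_RESOURCES; any other status is reported as unknown rather than guessed.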

Modified Strikes (2)

CVSS | ID | References | Category | Info
9.3 | E17-0bdt1 | BID-96703, CVE-2017-0143, CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C), MS17-010, SCIP-98018 | Exploits | Fixed strikes/exploits/smb/cve_2017_0143_smb_dataDisplacement_buffer_overflow.xml to send the SMB response from the server interface instead of the client interface.
7.1 | E07-1dl01 | BID-23209, CVE-2007-1785, CVSS-7.1 (AV:N/AC:H/AU:S/C:C/I:C/A:C) | Exploits | Strike E07-1dl01 for CVE-2007-1785 was incorrectly using UDP instead of TCP and had an incorrect length header in the malicious payload. This has been corrected.