Ticket | Info |
---|---|
DE7984 (1446934) | The following strikes: D14-5r301, B14-32k01, were updated to generate the correct length for SSL Client Hello packets. |
DE8048 | The "Office 365 Outlook Mail Jul 15" superflows and its protocol have been deprecated in favor of the new July 2017 release. |
Name | Category | Info |
---|---|---|
Office365 Outlook Mail Jul17 | Email/WebMail | The use of the Office 365 Outlook Mail website as of July 2017. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
Netflix Jul17 | Voice/Video/Media | Netflix is a subscription based provider of streaming media and video-on-demand. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
Name | Category | Info |
---|---|---|
Office 365 Outlook Mail Jul 17 | Email/WebMail | The use of the Office 365 Outlook Mail website as of July 2017. All of the available actions for this flow are exercised. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
Office 365 Outlook Mail Jul 17 Send Message with Attachment | Email/WebMail | The use of the Office 365 Outlook Mail website as of July 2017. The user accesses the sign in page, signs in, views the inbox, sends a message with attachment then logs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
Office 365 Outlook Mail Jul 17 View Message | Email/WebMail | The use of the Office 365 Outlook Mail website as of July 2017. The user accesses the sign in page, signs in, views the inbox, views a message then logs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
Netflix July 2017 | Voice/Video/Media | Login to Netflix, search for a movie, view detail information about the movie, start playing it and then pause and resume it. After a short time this is followed by logging out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
Netflix Login/Logout July 2017 | Voice/Video/Media | Perform a simple login and then logout for Netflix. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
Netflix Play Movie July 2017 | Voice/Video/Media | Search for a Netflix movie and play it. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
CVSS | ID | References | Category | Info |
---|---|---|---|---|
10.0 | E17-0frh1 |
BID-98493 CVE-2017-5821 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) URL ZDI-17-339 |
Exploits | This strike exploits a command injection vulnerability in Hewlett Packard Enterprise (HPE) Intelligent Management Center. When a RestoreZipFile command is issued certain parameters are not properly validated and sanitized. It is possible to pass command injection characters that allow for code injection. An unauthenticated user can send a specially crafted RestoreZipFile command to the target and potentially achieve remote code execution with root privileges. |
10.0 | E17-0frg1 |
BID-98493 CVE-2017-5820 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) URL ZDI-17-336 |
Exploits | This strike exploits a command injection vulnerability in Hewlett Packard Enterprise (HPE) Intelligent Management Center. When a BackupZipFile command is issued certain parameters are not properly validated and sanitized. It is possible to pass command injection characters that allow for code injection. An unauthenticated user can send a specially crafted BackupZipFile command to the target and potentially achieve remote code execution with root privileges. |
10.0 | E17-qjsm1 |
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) EXPLOITDB-41884 MSF-MODULES/EXPLOITS/LINUX/HTTP/ALIENVAULT_EXEC URL |
Exploits | This strike exploits a command injection vulnerability in the network component of AlienVault. Specifically, when a POST request is made to the fqdn api the host_ip parameter is not properly validated. It is possible to directly pass a command via the host_ip parameter that will get executed in the shell as the root user. |
10.0 | E17-0fr21 |
BID-98088 CVE-2017-5806 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) URL |
Exploits | This strike exploits a stack buffer overflow vulnerability in Hewlett Packard Enterprise (HPE) Intelligent Management Center. Because certain data fields of an WSM iNode message are not properly validated if an iNode protocol message is received with an SSID size parameter less than 0x2 an integer underflow occurs. Later this value is used as the size argument in a memcpy instruction which causes a buffer overflow to occur. It may be possible for an unauthenticated user to send a crafted iNode message to the target and potentially achieve remote code execution. |
9.3 | E17-0hv01 |
BID-98703 CVE-2017-8540 CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) GOOGLE-1258 SCIP-101815 |
Exploits | This strike exploits a Use-After-Free vulnerability in Microsoft MpEngine GarbageCollection. The vulnerability is due to allowing a callback function to set a global GarbageCollection flag while executing. An attacker could remotely execute arbitrary code on a target system by sending a malicious file via email or enticing a user to view the file in a web browser. |
7.5 | E17-m9km1 |
BID-99484 CVE-2017-9791 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) SECURITYTRACKER-1038838 URL |
Exploits | This strike exploits a remote command execution vulnerability in the Struts 1 plugin in Apache Struts 2.3.x. When using the Struts 1 plugin in Struts 2, and the Struts 1 action and value are part of a message presented to the user, it is possible for an attacker to craft a malicious field value that may allow for remote code execution to occur. |
4.0 | D17-0h6j1 |
BID-99132 CVE-2017-7659 CVSS-4.0 (AV:L/AC:M/AU:N/C:P/I:P/A:P) URL |
Denial | This strike exploits a null pointer dereference vulnerability in Apache. The vulnerability is due to lack of input validation of HTTP Host parameter in module mod_http2 . A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process. |
CVSS | ID | References | Category | Info |
---|---|---|---|---|
7.1 | D14-5r301 |
BID-70586 CVE-2014-3567 CVSS-7.1 (AV:N/AC:M/AU:N/C:N/I:N/A:C) URL |
Denial | The following strikes: D14-5r301, B14-32k01, were updated to generate the correct length for SSL Client Hello packets. |
5.8 | B14-32k01 |
BID-65919 CVE-2014-0092 CVSS-5.8 (AV:N/AC:M/AU:N/C:P/I:P/A:N) URL |
Backdoors | The following strikes: D14-5r301, B14-32k01, were updated to generate the correct length for SSL Client Hello packets. |