Ixia ATI Update 2018-15 (337055)

Defects Resolved

Ticket Info
DE9422 Added proxy support to the "GoDaddy Use Website Builder Tool Nov17" superflow. Fixed wrong encoding of some HTTP elements.
DE9828 Strike E17-0bdv1, CVE-2017-0147, was triggering a crash when run against a particular DUT. This has been fixed and the strike now runs correctly through the DUT.

Enhancements

Ticket Info
US87486 Added support for NP tokens which can now be used with the supported IPFIX Information Elements. Added new parameter to each action that makes NP tokens the default data generators - 'Use Tokens for Default Values'. Added the ability to loop the actions either using parameters or GoTo actions, new parameters: 'Data Message Repetitions', 'Number of Observation Domains'. Removed unnecessary UI parameters.
US88228 Added proxy support to the HTTP traffic of the superflows: "Google Hangouts Phone Call", "Google Hangouts Text Chat", "Google Hangouts". Added synchronization cookies to the HTTP part of the traffic.

New Strikes (13)

CVSS ID References Category Info
9.3 E18-28ac1 BID-104052
CVE-2018-8161
CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C)
SECURITYTRACKER-1040853
URL
Exploits This strike exploits a use after free vulnerability in Microsoft Office Outlook. The vulnerability is due to the improper handling of a MIME message with a Content-Type specifying HTML content. A specially crafted email could lead to arbitrary code execution on the target server or abnormal termination within the context of the Outlook process.
9.3 D18-0jmq1 BID-102859
CVE-2018-0834
CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C)
EXPLOITDB-44078
GOOGLE-1455
SECURITYTRACKER-1040372
Denial This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Chakra JavaScript engine. It is possible to craft JavaScript in such a way that type confusion occurs when InitProto instructions are optimized. This may lead to a denial of service condition in the browser, or potentially remote code execution.
8.3 E18-8vnp1 CVE-2018-1000517
CVSS-8.3 (AV:N/AC:M/AU:N/C:P/I:P/A:C)
URL
Exploits This strike exploits a heap buffer overflow vulnerability in the BusyBox wget module. The vulnerability is due to insufficient validation of the chunk length while parsing the server response. Remote attackers can exploit this vulnerability by crafting a malicious HTTP response packet with chunked transfer encoding. Successful exploitation could lead to code execution on the target system.
7.6 D18-0jl52 BID-102402
CVE-2018-0777
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
EXPLOITDB-43718
GOOGLE-1429
Denial This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Chakra JavaScript engine. It is possible to craft JavaScript in such a way that an out-of-bounds (OOB) read/write occurs during loop optimization. This may lead to a denial of service condition in the browser, or potentially remote code execution.
7.5 E18-0l7y1 CVE-2018-2894
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits A file upload vulnerability was found in the Oracle WebLogic Server component of Oracle Fusion Middleware. The vulnerability is caused by the lack of proper input sanitisation in the WebLogic Web Service Test Page. Successful exploitation can result in arbitrary code execution in the context of the user running WebLogic.
7.5 E18-8vo51 CVE-2018-1000533
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
EXPLOITDB-44993
URL
Exploits This strike exploits a parameter injection vulnerability in klaussilveira GitList. The vulnerability is due to insufficient validation of input supplied to the PHP function 'escapeshellarg' within the searchTree form. Remote attackers can exploit this vulnerability by crafting a malicious HTTP POST request, ultimately gaining code execution on the target system.
7.5 E18-0pt91 BID-104190
CVE-2018-8845
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
ZDI-18-527
Exploits This strike exploits a heap overflow vulnerability in Advantech WebAccess software. The vulnerability is due to the lack of proper boundary checking for the function VdBroadWinGetLocalDataLogEx. A specially crafted DCE/RPC request could lead to arbitrary code execution on the target server or abnormal termination within the context of the WebAccess process.
6.0 E18-0p5z1 BID-104741
CVE-2018-8007
CVSS-6.0 (AV:N/AC:M/AU:S/C:P/I:P/A:P)
Exploits This strike exploits a remote code execution vulnerability in Apache CouchDB. The vulnerability is caused by insufficient validation of administrator-supplied configuration settings on HTTP requests. Successful exploitation could allow an attacker to trigger a remote command execution on the target server.
5.0 E18-0qxk1 BID-104612
CVE-2018-0296
CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)
EXPLOITDB-44956
URL
Exploits This strike exploits a vulnerability in the Cisco Adaptive Security Appliance (ASA) web interface. The vulnerability is due to improper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a specially crafted HTTP request to the target device. A successful exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information.
4.4 E18-5irt1 CVE-2018-11529
CVSS-4.4 (AV:L/AC:M/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a use after free vulnerability in VideoLAN VLC Media Player. The vulnerability is due to unsafe parsing of the UAF objects within the MKV header. An attacker may potentially leverage the vulnerability by specially crafting MKV files to corrupt sensitive data or execute arbitrary code. Failed exploit attempts will likely result in denial of service conditions.
4.3 E18-5kzc1 CVE-2018-14392
CVSS-4.3 (AV:N/AC:M/AU:N/C:N/I:P/A:N)
URL
Exploits This strike exploits a reflected cross-site scripting vulnerability in the MyBB open source PHP forum platform. This vulnerability is due to inadequate input filtering in the web interface while parsing input passed to the 'subject' parameter within newthread.php. By exploiting this vulnerability an attacker could cause arbitrary HTML/script code to be executed by the target user's browser.
4.3 E18-0job4 BID-103309
CVE-2018-0891
CVSS-4.3 (AV:N/AC:M/AU:N/C:P/I:N/A:N)
EXPLOITDB-44312
GOOGLE-1461
Exploits This strike exploits a vulnerability in Microsoft Internet Explorer. Specifically, the vulnerability exists in the jscript.dll JavaScript library. It is possible to craft JavaScript in such a way that a call to the RegExp.lastMatch function discloses information. In this case, memory contents are dumped to the user. It is also possible that this may lead to a denial of service condition in the browser.
3.5 E18-0nl81 CVE-2018-5964
CVSS-3.5 (AV:N/AC:M/AU:S/C:N/I:P/A:N)
URL
Exploits This strike exploits a reflected cross-site scripting vulnerability in CMS Made Simple 2.2.5. This vulnerability is due to improper HTTP input filtering in the web interface within admin/moduleinterface.php. By exploiting this vulnerability an attacker could cause arbitrary HTML/script code to be executed by the target user's browser.