Ixia ATI Update 2018-11 (332533)

Defects Resolved

Ticket Info
DE9661 (1481227) The strike for CVE-2018-7284 was incorrectly using "Allow" headers instead of "Accept" headers. This has been corrected.

Enhancements

Ticket Info
US83161 HTTP proxy support was added to Yahoo Mail SuperFlow.
US83736 HTTP proxy support was added to Outlook Web Access SuperFlow.
US83743 HTTP proxy support was added to Pandora (iPhone).
US83747 HTTP proxy support was added to Facebook Chrome.
US86869 The following Application Profiles were updated:
1. BreakingPoint NGFW Enterprise Perimeter Traffic Mix 2016 - Youtube October 2011 (Deprecated) was replaced with YouTube September 2016
2. BreakingPoint NGFW European Mobile Carrier Traffic Mix 2016 - Youtube Mobile (Apple iPod Touch) August 2011 was replaced with YouTube Music
3. BreakingPoint NGFW Financial Traffic Mix 2016 - Youtube October 2011 (Deprecated) was replaced with YouTube September 2016
4. BreakingPoint NGFW Internal Segmentation Traffic Mix 2016 - YouTube Enterprise October 2011 was replaced with YouTube September 2016
5. BreakingPoint NGFW US Mobile Carrier Traffic Mix 2016 - Youtube Mobile (Apple iPod Touch) August 2011 was replaced with YouTube Music
6. FW - Enterprise Traffic - Bandwidth BitTorrent (Deprecated) was replaced with Bandwidth BitTorrent File Download
7. IPS - EnterpriseTraffic - Bandwidth BitTorrent (Deprecated) was replaced with Bandwidth BitTorrent File Download

New Protocols & Applications (4)

Name Category Info
Gmail Apr18 Email/WebMail Simulates the use of the Gmail website as of April 2018. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Service-Now May18 Enterprise Applications Simulates the use of Service-Now as of May 2018. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Facebook Apr18 Social Networking/Search Simulates the use of the Facebook website as of April 2018. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Twitter Jan16 Social Networking/Search Emulates the use of the Twitter website as of January 2016. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Super Flows (11)

Name Category Info
Gmail Apr 18 Email/WebMail Simulates the use of the Gmail website as of April 2018. All of the available actions for this flow are exercised. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Gmail Apr 18 Send Message Email/WebMail Simulates the use of the Gmail website as of April 2018. The user accesses the sign in page, signs in, views the inbox, sends a message then logs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Gmail Apr 18 Send Message with Attachment Email/WebMail Simulates the use of the Gmail website as of April 2018. The user accesses the sign in page, signs in, views the inbox, sends a message with attachment then logs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Gmail Apr 18 View Message Email/WebMail Simulates the use of the Gmail website as of April 2018. The user accesses the sign in page, signs in, views the inbox, views a message then logs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Gmail Apr 18 View Message with Attachment Email/WebMail Simulates the use of the Gmail website as of April 2018. The user accesses the sign in page, signs in, views the inbox, views a message that contains an attachment then logs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Service-Now May 18 Enterprise Applications Simulates the use of Service-Now as of May 2018. The user logs in, views an incident, reports an incident and logs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Service-Now May 18 Report Incident Enterprise Applications Simulates the use of Service-Now as of May 2018. The user logs in, reports an incident and logs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Facebook Apr 18 Social Networking/Search Simulates the use of the Facebook website as of April 2018. All of the available actions for this flow are exercised. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Twitter Jan 16 Social Networking/Search Emulates the use of the Twitter website as of January 2016. All of the available actions for this flow are exercised. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Twitter Jan 16 Post Status Social Networking/Search Emulates the use of the Twitter website as of January 2016. The user accesses the sign in page, signs in, views the home timeline, posts a status then signs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Twitter Jan 16 View Home Timeline Social Networking/Search Emulates the use of the Twitter website as of January 2016. The user accesses the sign in page, signs in, views the home timeline then signs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Application Profiles (3)

Name Info
Business Utilities Mix of some of the most popular SaaS and cloud applications among business users.
Cloud Applications 2017 Part 1 Part one of the traffic mix made up of 2017's 20 most common cloud applications.
Social Media Bandwidth Mix containing traffic of the most popular social media applications.

New Strikes (17)

CVSS ID References Category Info
9.0 E08-yhfz2 BID-31789
CVE-2008-4687
CVSS-9.0 (AV:N/AC:L/AU:S/C:C/I:C/A:C)
EXPLOITDB-44611
SCIP-44658
URL
Exploits This strike exploits a post-authentication remote code execution vulnerability found in Mantis WebServer. The vulnerability is due to improper validation of input passed to the sort parameter of the manage_proj_page.php resource. An attacker could exploit this vulnerability by crafting a special HTTP POST request, resulting in a code execution condition under the privileges of the current user.
7.8 E18-0yga2 CVSS-7.8 (AV:N/AC:L/AU:N/C:C/I:N/A:N)
EXPLOITDB-44650
Exploits The vulnerability allows attackers read access to arbitrary file contents on the Cisco SA520W Security Appliance server and is due to insufficient validation of user input in requests. Successful exploitation could result in arbitrary file access on the target server.
7.6 E18-3dtt1 BID-101137
CVE-2017-11809
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
EXPLOITDB-42999
GOOGLE-1338
Exploits This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Chakra JavaScript engine. It is possible to craft JavaScript in such a way that uninitialized local variables can be accessed. This may lead to a denial of service condition in the browser, or potentially remote code execution.
7.6 E18-3dtd1 CVE-2017-11793
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
EXPLOITDB-43368
GOOGLE-1381
Exploits This strike exploits a vulnerability in the Microsoft Internet Explorer browser. Specifically, the vulnerability exists in Jscript.dll. It is possible to craft JavaScript in such a way that a use-after-free condition can occur in JSONStringifyObject. This may lead to a denial of service condition in the browser, or potentially remote code execution.
7.5 E18-5i6f1 CVE-2018-10759
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a remote file inclusion vulnerability in ProjectPier. The vulnerability is due to improper sanitization of the "id" parameter in requests to the patch.php script. By exploiting this vulnerability, a remote, unauthenticated attacker could execute arbitrary commands or SQL statements. Note: When run in one-arm mode, this strike will retrieve a malicious SQL file from an attacker-controlled web server (http://172.16.2.210:8000/mal) and execute it on the target.
7.5 E18-0k0n1 BID-104001
CVE-2018-1335
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a post-authentication remote code execution vulnerability found in Apache Tika Server. The vulnerability is due to improper input validation while processing HTTP headers from client requests. An attacker could exploit this vulnerability by crafting a special HTTP request, resulting in execution of arbitrary commands under the privileges of the current user.
7.5 E18-5hqg1 CVE-2018-10184
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a code execution vulnerability in HAProxy. The vulnerability is due to improper validation of frame length on incoming HTTP/2 packets. By sending a malicious request to the target server, the attacker can cause denial-of-service conditions on the proxy service.
7.1 E18-0jw41 CVE-2018-1172
CVSS-7.1 (AV:N/AC:M/AU:N/C:N/I:N/A:C)
URL
ZDI-18-309
Exploits This strike exploits a code execution vulnerability in Squid Proxy. The vulnerability is due to improper handling of objects in memory within the ESI and OpenSSL functionalities of the server. By sending crafted ESI responses to the target server, the attacker can cause denial-of-service conditions on the target proxy service.
7.0 E18-0nyy1 CVE-2018-6458
CVSS-7.0 (AV:N/AC:M/AU:S/C:N/I:P/A:C)
URL
Exploits This strike exploits cross-site request forgery vulnerabilities in Easy Hosting Control Panel. This vulnerability is due to the lack of CSRF tokens to protect against malicious HTTP requests. By enticing an authenticated user to visit an attacker-controlled webpage or click a malicious link, an attacker could delete the entire database or manipulate the availability of different services running on the server.
6.9 E18-5igo1 CVE-2018-11128
CVSS-6.9 (AV:L/AC:M/AU:N/C:C/I:C/A:C)
URL
Exploits This strike exploits a stack buffer overflow vulnerability in PDFParser. The vulnerability is due to improper bounds checking by the ObjReader::ReadObj function in ObjReader.cpp. By enticing a user to import a specially crafted file, an attacker could potentially run arbitrary code on the target system.
6.8 E18-0y8d1 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P)
EXPLOITDB-44658
Exploits This strike exploits a stack-based buffer overflow vulnerability in Easy MPEG to DVD Burner 1.7.11. If a username is imported with an overly large amount of data under the register section, the stack can overflow, allowing for remote code execution.
6.8 E18-mayw1 BID-103708
CVE-2018-4937
CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P)
EXPLOITDB-44529
SECURITYTRACKER-1040648
URL
Exploits This strike exploits an out-of-bounds vulnerability in Adobe Flash Player. This vulnerability is due to an out-of-bounds write in blur filtering. Successful exploitation of this vulnerability leads either to arbitrary code execution or to abnormal termination of the application using the vulnerable Flash version.
6.8 E18-mayw2 BID-103708
CVE-2018-4935
CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P)
EXPLOITDB-44527
GOOGLE-1536
SECURITYTRACKER-1040648
URL
Exploits This strike exploits an out-of-bounds vulnerability in Adobe Flash Player. This vulnerability is due to heap or stack corruption when rendering a slab. Successful exploitation of this vulnerability leads either to arbitrary code execution or to abnormal termination of the application using the vulnerable Flash version.
6.5 E18-0yga1 BID-102307
CVE-2017-16603
CVSS-6.5 (AV:N/AC:L/AU:S/C:P/I:P/A:P)
ZDI-17-968
Exploits This strike exploits a vulnerability in NetGain Systems Enterprise Manager prior to v7.2.766. The vulnerability is caused by insufficient validation of user input in HTTP requests. Successful exploitation could result in arbitrary file access on the target server.
6.0 E18-0nwa1 CVE-2018-6362
CVSS-6.0 (AV:N/AC:M/AU:S/C:P/I:P/A:P)
URL
Exploits This strike exploits a cross-site scripting vulnerability in Easy Hosting Control Panel. This vulnerability is due to improper sanitization of the user-controlled "domainop" action parameter in HTTP requests. By enticing an authenticated user to visit an attacker-controlled webpage or click a malicious link, an attacker could access any cookies, session tokens, or other sensitive information retained by the browser.
6.0 E18-0nw91 CVE-2018-6361
CVSS-6.0 (AV:N/AC:M/AU:S/C:P/I:P/A:P)
URL
Exploits This strike exploits a cross-site scripting vulnerability in Easy Hosting Control Panel. This vulnerability is due to improper sanitization of the user-controlled "op" parameter in HTTP requests. By enticing an authenticated user to visit an attacker-controlled webpage or click a malicious link, an attacker could manipulate the database, add backdoor accounts, or access any cookies, session tokens, or other sensitive information retained by the browser.
2.6 D18-3dwi3 BID-102078
CVE-2017-11906
CVSS-2.6 (AV:N/AC:H/AU:N/C:P/I:N/A:N)
EXPLOITDB-43372
GOOGLE-1382
Denial This strike exploits a vulnerability in the Microsoft Internet Explorer browser. Specifically, the vulnerability exists in the JavaScript engine. It is possible to craft JavaScript in such a way that causes an out-of-bounds read in the jscriptRegExpFncObj::LastParen method. This may lead to a denial of service condition in the browser, or potentially remote code execution.

Modified Strikes (1)

CVSS ID References Category Info
5.0 E18-0olw1 CVE-2018-7284
CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)
URL
Exploits The strike for CVE-2018-7284 was incorrectly using "Allow" headers instead of "Accept" headers. This has been corrected.