Ixia ATI Update 2018-17 (338766)

New Application Profiles (1)

Name Info
Keysight Enterprise Datacenter Test profile that simulates Keysight Data Center traffic distribution as described in a 2018 Firewall Test report.

New Strikes (19)

CVSS ID References Category Info
9.3 E18-ww891 CVE-2018-14847
CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C)
URL
Exploits This strike exploits a vulnerability found in the WinBox tool for MikroTik RouterOS. The vulnerability is due to improper verification of the session ID field in the authentication step. By successfully exploiting this vulnerability, an attacker can obtain the admin credentials of the device.
9.3 E18-0pg51 CVE-2018-8373
CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C)
URL
Exploits This strike exploits a vulnerability in the Microsoft VBScript Engine. Specifically, the vulnerability fakes and overrides the array object to perform arbitrary address reading and writing. In the end, it releases code to execute after constructing an object. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
9.0 E18-0gl01 CVE-2018-1000019
CVSS-9.0 (AV:N/AC:L/AU:S/C:C/I:C/A:C)
EXPLOITDB-45161
URL
Exploits This strike exploits a command injection vulnerability in OpenEMR. The vulnerability is due to improper validation of input passed to the 'edit_globals.php' script. By exploiting this vulnerability, a remote authenticated attacker can execute arbitrary OS commands on the target server.
9.0 E18-5l9r1 CVE-2018-14767
CVSS-9.0 (AV:N/AC:L/AU:N/C:P/I:P/A:C)
URL
Exploits This strike exploits an out-of-bounds read vulnerability in the Kamailio SIP server. The vulnerability is due to missing input validation in the "build_res_buf_from_sip_req" core function when processing the "To" header. An attacker can exploit this vulnerability by sending a specially crafted SIP REGISTER request containing two "To" headers, the first of them having an empty "tag" value. Successful exploitation renders the resource completely unavailable and may further lead to arbitrary code execution.
7.5 E17-cceq1 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a file upload vulnerability present in the Joomla com_media plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files to the server and executing them. Note: This vulnerability was disclosed by the XAttacker tool.
7.5 E17-nmv01 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a file upload vulnerability present in the Joomla com_jce plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files to the server and executing them. Note: This vulnerability was disclosed by the XAttacker tool.
7.5 E18-01ir1 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a file upload vulnerability present in the Joomla com_jbcatalog plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files to the server and executing them. Note: This vulnerability was disclosed by the XAttacker tool.
7.5 E17-a8ob1 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a file upload vulnerability present in the Joomla com_fabrik plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files to the server and executing them. Note: This vulnerability was disclosed by the XAttacker tool.
7.5 E18-5lk31 CVE-2018-15139
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits A file upload vulnerability was found in OpenEMR. The vulnerability is caused by the lack of proper sanitisation of input passed to the manage_site_files web PHP form. Successful exploitation can result in arbitrary code execution in the context of the user running OpenEMR.
7.5 E18-ua3d1 CVE-2018-1999001
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits The strike exploits a policy bypass vulnerability in the Jenkins CI Server. This vulnerability is due to insufficient validation of login requests by the "getOrCreate" function. By abusing this flaw, an attacker could trigger the removal of the config.xml file from the Jenkins root directory, which results in granting administrator access to anonymous users.
7.5 E18-0jgg1 CVE-2018-0608
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a heap buffer overflow vulnerability in H2O Webserver. H2O Webserver has a function to allocate sufficient memory for large HTTP headers; however, in certain cases the buffer position pointer may become negative or overly large. In this case, the buffer will not be reallocated, leading to a buffer overflow. An attacker can exploit this vulnerability by sending a specially crafted HTTP message. Successful exploitation may result in arbitrary code execution or abnormal termination of the H2O Webserver, leading to a denial of service condition.
6.8 E18-0m0k1 CVE-2018-3924
CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a use-after-free vulnerability in the JavaScript engine of Foxit PDF Reader. This vulnerability is due to improper handling of an annotation object while invoking the 'mailForm' method of the active document. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PDF file, resulting in possible execution of arbitrary code.
6.8 E18-0f7v1 BID-100610
CVE-2017-5115
CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a vulnerability in Google Chrome. Specifically, the vulnerability exists in the V8 JavaScript engine. It is possible to craft JavaScript in a way that allows out-of-bounds memory to be accessed. This may lead to a denial of service condition in the browser, or potentially remote code execution.
6.8 E18-0f7e1 BID-99950
CVE-2017-5098
CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a vulnerability in Google Chrome. Specifically, the vulnerability exists in the V8 JavaScript engine. It is possible to craft JavaScript in a way that allows a use-after-free condition to occur. This may lead to a denial of service condition in the browser, or potentially remote code execution.
6.8 E18-0f741 BID-99096
CVE-2017-5088
CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a vulnerability in Google Chrome. Specifically, the vulnerability exists in the V8 JavaScript engine. It is possible to craft JavaScript in a way that allows values on the heap to be leaked to the user. This may lead to a denial of service condition in the browser, or potentially remote code execution.
6.5 E18-0q4i1 CVE-2018-9250
CVSS-6.5 (AV:N/AC:L/AU:S/C:P/I:P/A:P)
URL
Exploits This strike exploits a SQL injection in the OpenEMR open-source project. The vulnerability is due to insufficient sanitization of user input passed through the URI to various PHP scripts. A specially crafted HTTP GET request can cause SQL injection in the context of the database user.
6.3 E18-ua3e1 CVE-2018-1999002
CVSS-6.3 (AV:N/AC:M/AU:S/C:C/I:N/A:N)
URL
Exploits The strike exploits an authenticated directory traversal vulnerability in the Jenkins CI Server. The vulnerable code resides within the Stapler web framework used by Jenkins, and lacks input validation when processing the "Accept-Language" header. The header is then used to include a language-specific resource by concatenating the header's content to the resource's path. By exploiting the vulnerability, an attacker could read arbitrary sensitive files from the file system.
5.0 E18-4ahl1 CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N)
URL
Exploits This strike exploits a reflected cross-site scripting vulnerability in the Atmosphere Java Framework. The vulnerability resides in the JSONP transport method supported by the framework and is due to insufficient sanitization. By exploiting this flaw, an attacker obtains client-side JavaScript code execution within the victim's browser, which can lead to information disclosure and credential theft.
5.0 D18-0n5a1 BID-104976
CVE-2018-5390
CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)
URL
Denial This strike exploits a denial of service vulnerability in the Linux kernel's handling of TCP segments. The vulnerability is caused by the way out-of-order TCP segments are stored and handled by the functions tcp_collapse_ofo_queue() and tcp_prune_ofo_queue(). A remote attacker could exploit this vulnerability by continuously sending crafted TCP segments to the target server. Successful exploitation can exhaust the target server's resources and lead to denial of service.