Ixia ATI Update 2019-06 (356149)

Defects Resolved

Ticket | Info
DE10231 | The strike for CVE-2006-0065 was corrected to use GET requests only, instead of random HTTP verbs.
DE10232 | The strike for CVE-2012-3264 was posting duplicate Server and Content-Length HTTP headers in the same HTTP messages. This has been fixed.
DE10341 | BPS-generated Call-ID (RFC3261, sec 8.1.1.4) was corrected for the "SIP" flow to include the hostname and remain persistent in NAT/Proxy test environments.
DE10348 | Optimized internal IO synchronization to avoid the "app helper timeout" error randomly occurring during test initialization.
DE10370 | Corrected an issue in which IP Fragmentation Evasions did not work in IPv6. Note: Only MaxFragSize is supported in IPv6. FragPolicy and FragOrder are not supported in IPv6.
DE10371 | This strike has been modified to include the correct minimum value appropriate to trigger the buffer overflow vulnerability.
DE10373 | Strikes E11-4iw01 and E10-61c01 have been modified to remove duplicate HTTP headers in HTTP requests.
DE10392 | Fixed Cache Poisoning behavior to allow only one-session strikes. DSL and FileTransfer strikes are filtered out as well.

Enhancements

Ticket | Info
US93627 | Support for 8 of the 9 ways of opening a file has been added to the SMBv1 application. 5 new superflows "SMB CIFS Create", "SMB CIFS Create Temporary", "SMB CIFS OpenANDX", "SMB CIFS Trans2 Open2" and "SMB CIFS POSIX Open" and 14 new actions "Create Request", "Create Response", "Create Temporary Request", "Create Temporary Response", "Create New Request", "Create New Response", "Open Print File Request", "Open Print File Response", "Open ANDX Request", "Open ANDX Response", "TRANS2 OPEN2 Request", "TRANS2 OPEN2 Response", "POSIX Open Request" and "POSIX Open Response" have been added to the SMBv1 application.
DE10386 | An enhancement that halves the test initialization time was implemented. The improvement is most visible in App Mixes with many flows, such as Business Utilities, Social Media Bandwidth, Cloud Applications 2017 Part 1 and Cloud Applications 2017 Part 2.

New Super Flows (5)

Name | Category | Info
SMB CIFS Create | Enterprise Applications | Simulate an SMB session in which the client authenticates and connects to the server and uses the SMB Create command 0x03 to open and download a file.
SMB CIFS Create Temporary | Enterprise Applications | Simulate an SMB session in which the client authenticates and connects to the server and uses the SMB Create Temporary command 0x0e to open and download a file.
SMB CIFS OpenANDX | Enterprise Applications | Simulate an SMB session in which the client authenticates and connects to the server and uses the SMB OpenANDX command to open and read a file.
SMB CIFS POSIX Open | Enterprise Applications | Simulate an SMB session in which the client authenticates and connects to the server and uses the UNIX POSIX Open command to open and read a file.
SMB CIFS Trans2 Open2 | Enterprise Applications | Simulate an SMB session in which the client authenticates and connects to the server and uses the Trans2 Open2 command to open and read a file.

New Strikes (9)

CVSS | ID | References | Category | Info
7.8 | E19-0uvu1 | CVE-2019-5418, CVSS-7.8 (AV:N/AC:L/AU:N/C:C/I:N/A:N), URL | Exploits | The strike replicates an attack on Ruby on Rails which leads to arbitrary file disclosure. The vulnerability resides in the lack of validation of the "Accept" header, which is further parsed within the "template_renderer.rb" file in order to return the template file to be rendered. By exploiting this, a remote unauthenticated attacker may read arbitrary files on the host system.
7.6 | E19-0pn51 | BID-106122, CVE-2018-8625, CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C), EXPLOITDB-46022, GOOGLE-1668 | Exploits | This strike exploits a vulnerability in the Microsoft Internet Explorer browser. Specifically, the vulnerability exists in the VBScript engine. It is possible to create VBScript in such a way that a use-after-free condition occurs when a pointer to a SafeArray object is created and stored and the object is then destroyed. This may lead to a denial of service condition in the browser, or potentially remote code execution.
7.5 | E19-0xsg1 | CVE-2019-9184, CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), EXPLOITDB-46467 | Exploits | This strike exploits a SQL injection vulnerability in the J2Store component 3.x - 3.3.6 for Joomla!. The vulnerability is due to improper sanitization of requests sent to the application. An attacker could exploit this vulnerability by sending specifically crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure.
7.5 | E19-0y4i1 | CVE-2019-9618, CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), EXPLOITDB-46537 | Exploits | This strike exploits a remote file inclusion vulnerability in the WordPress plugin Grace. The vulnerability is due to improper sanitization of the "cfg" parameter. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could retrieve arbitrary files from the target server.
7.5 | E19-0quo1 | CVE-2019-0192, CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), URL | Exploits | This strike exploits an insecure deserialization vulnerability in Apache Solr. The vulnerability is due to insufficient sanitization of requests made to the Config API. This vulnerability can be exploited by sending a specially crafted HTTP request to the Config API. Successful exploitation could lead to remote code execution within the context of the server.
6.5 | E19-5oqy1 | CVE-2018-19274, CVSS-6.5 (AV:N/AC:L/AU:S/C:P/I:P/A:P), URL | Exploits | This strike emulates remote code execution via a POP chain attack on the phpBB forum platform. The vulnerability resides in calling the "file_exists" function with user-supplied data when checking the ImageMagick binary path. An authenticated attacker may gain arbitrary code execution by uploading a polyglot JPEG-PHAR file beforehand, then setting the ImageMagick path to the polyglot using the "phar://" prefix.
6.5 | E19-0jv11 | BID-104307, CVE-2018-1133, CVSS-6.5 (AV:N/AC:L/AU:S/C:P/I:P/A:P), EXPLOITDB-46551, URL | Exploits | The strike reproduces a remote code execution attack on the Moodle CMS platform. The vulnerability resides in poor user input sanitization of the 'answer' parameter within 'questiontype.php' when defining a new quiz of type 'Calculated'. By exploiting the issue, a remote authenticated attacker may execute arbitrary PHP code with HTTP server privileges.
4.3 | E19-0r6e1 | CVE-2019-0614, CVSS-4.3 (AV:N/AC:M/AU:N/C:P/I:N/A:N), URL, ZDI-19-273 | Exploits | This strike exploits an information disclosure vulnerability in the GDI (Graphics Device Interface) components of Microsoft Windows. The vulnerability is due to improper handling of EMF records in memory by the DoGdiCommentMultiFormats method of the 'gdiplus.dll' library. The vulnerability can be exploited by crafting a malicious EMF file and enticing a user to download and open it. Successful exploitation may result in execution of arbitrary code with user privileges.
4.3 | D19-0mex1 | CVE-2018-4441, CVSS-4.3 (AV:N/AC:M/AU:N/C:P/I:N/A:N), GOOGLE-1685 | Denial | This strike exploits a vulnerability in Apple WebKit. It is possible to craft JavaScript in such a way that an out-of-bounds read/write occurs in shiftCountWithArrayStorage. This can cause memory corruption, leading to a denial of service in the browser or potentially to remote code execution.