Ixia ATI Update 2019-11 (361817)

Defects Resolved

Ticket Info
DE8786 Multiple strikes used a non-deterministic method (they did not respect the seed). This was fixed.
DE9440 (BUG1475322) Corrected the shared actions for "IMAPv4-Advanced" and "POP3-Advanced" flows to include "Match Content" action.
DE10461 Deprecated TLS option "Use Max Supported Version". The Max Version parameter will be used instead as the maximum supported TLS version.
DE10462 The Max Version of TLS was changed to TLS 1.2 for the 'Citrix', 'Citrix Full' and 'SMTP 100K TLS' SuperFlows. This version will be negotiated as the maximum supported version, instead of the maximum version available on the platform, which used to be referred to by the now-deprecated "Use Max Supported Version" parameter.
DE10465 Fixed an issue in which the vulnerability was not properly triggered for CVE-2017-15715.
DE10466 Fixed an issue in which the "RWZHeaderField" field would not properly trigger the vulnerability for CVE-2018-8582.
DE10473 Fixed an issue in which a duplicate 'Keep-Alive' header appeared when setting "Client Profile" to 'iPhone' and "Enable persistent HTTP sessions" to 'on'.

Enhancements

Ticket Info
US96646 The HTTPS Simulated application needed a key-exchange parameter to specify TLS 1.2. The TLS version is now configurable in the Client Hello and Server Hello. There is also a cipher suite parameter that can be configured on the Server Hello.
US96661 New Enhanced Shell feature module: Average Packet-Size Analysis and Control for AppMixes (PacMix).
For Linux you can install it using the following command:
wget --no-check-certificate -qO- /ui/tcl/ati-pacmix/install.sh | bash
For Mac, use the following command:
curl -kL /ui/tcl/ati-pacmix/install.sh | bash
To use this feature, connect to the box using Enhanced Shell and enter "pacmix".
Help text and a list of commands will be displayed.
The complete documentation will be provided in BPS Release 9.0 User Guide.
US96679 The TLS version is now configurable in the Client Hello and Server Hello actions of the HTTPS Simulated protocol.
New elliptic-curve based ciphers were added as well as the Server Key Exchange action.
A new SuperFlow was created, TLSv1.2 HTTPS Simulated, that simulates an HTTP over TLSv1.2 session using the ECDHE-RSA-AES128-GCM-SHA256 cipher.
US96716 New SuperFlow "TLSv1.3 Average HTTPS" was added. It simulates HTTP 1.1 over TLSv1.3 sessions exchanging a web page with an average size of 3MB.

New Super Flows (2)

Name Category Info
TLSv1.2 HTTPS Simulated Testing and Measurement Simulates an HTTP over TLSv1.2 session. Please note that this protocol does not make use of the SSL encryption engine. [RFC 1035]
TLSv1.3 Average HTTPS Testing and Measurement Simulates HTTP 1.1 over TLSv1.3 sessions exchanging a web page of an average size of 3MB.

New Strikes (7)

CVSS ID References Category Info
10.0 E19-0s571 BID-108184
CVE-2019-1867
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
URL
Exploits This strike exploits an authentication bypass vulnerability in the Cisco Elastic Services Controller. The vulnerability is due to improper filtering of the "Authorization" header. An attacker could exploit this vulnerability by sending crafted HTTP traffic to the target server. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could achieve authentication bypass on the target server.
10.0 E19-ma2v1 BID-101152
CVE-2017-12557
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
EXPLOITDB-45952
SECURITYTRACKER-1039495
Exploits An insecure deserialization vulnerability exists in HPE Intelligent Management Center PLAT v7.3 E0504. The flaw arises from a lack of security checks when processing the POST payload for the '/imc/topo/WebDMDebugServlet' endpoint. Successful attacks result in arbitrary remote code execution with root privileges.
10.0 E19-0frd1 CVE-2017-5817
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
EXPLOITDB-43195
EXPLOITDB-43492
URL
Exploits This strike exploits a denial of service vulnerability in HPE Intelligent Management Center. The vulnerability is due to improper validation of user input on port 2810. By exploiting this vulnerability, a remote, unauthenticated attacker could run arbitrary commands on the target server.
7.6 E19-0ra81 CVE-2019-0752
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
URL
Exploits This strike exploits a vulnerability in the Microsoft Windows scripting engine. The vulnerability is due to incorrect handling of objects in memory. An attacker could exploit this vulnerability by enticing a user to view a malicious web page. Successful exploitation of the vulnerability could trigger a code execution condition on the client side.
7.5 E19-0uvw1 CVE-2019-5420
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
EXPLOITDB-46785
URL
Exploits This strike replicates a remote code execution attack on Ruby on Rails (<5.2.2.1, <6.0.0.beta3). The flaw resides in the deterministic way the platform generates its secret token in development mode, making it easy to guess. Successful exploitation results in arbitrary code execution through Marshal object injection.
6.8 E19-7nf91 CVE-2019-10869
CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P)
URL
Exploits An unrestricted file upload vulnerability exists in WordPress Ninja Forms plugin, with File Upload extension enabled (v3.0.22). The flaw is a result of no sanitization when parsing user-provided parameters 'name' and 'tmp_name' when submitting files. A successful attacker is thus able to upload PHP webshells in order to execute arbitrary commands on the target webserver.
6.8 E19-0y9x1 CVE-2019-9813
CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P)
GOOGLE-1810
Exploits This strike exploits a vulnerability in Mozilla Firefox. Specifically, the vulnerability exists in the JavaScript engine SpiderMonkey. Inside SpiderMonkey, IonMonkey fails to detect changes properly when the ObjGroup is modified during a prototype change. This can lead to a denial of service or potentially allow for remote code execution to occur.