Ixia ATI Update 2019-02 (351846)

Defects Resolved

| Ticket | Info |
| --- | --- |
| DE10250 | Strike E13-86o01 was modified to add a leading slash to the URL. |
| DE10251 | Strike E13-33r01 was modified to add a leading slash to the URL. |
| DE10279 | BPS-generated Call-ID was corrected for "SIP" flow in compliance with user guide description (RFC3261, sec 8.1.1.4). |
| US94366 | Removed duplicate accept header for Strike E18-8vo51. |

New Protocols & Applications (1)

| Name | Category | Info |
| --- | --- | --- |
| Facebook Messenger | Chat/IM | Facebook Messenger is a mobile messaging application for iPhone and Android which allows users to exchange messages or make audio and video calls. Here we implement the audio and video calling part of the application. |

New Super Flows (5)

| Name | Category | Info |
| --- | --- | --- |
| Facebook Messenger Audio Call | Chat/IM | Here we simulate a user logging in to the Facebook Messenger application and making an audio call. |
| Facebook Messenger Video Call | Chat/IM | Here we simulate a user logging in to the Facebook Messenger application and making a video call. |
| MQTT Connect and Publish for iSocket | Distributed Computing | An MQTT client connects to a server and publishes some messages. |
| MQTT One Arm Connect and Flood Publish over Websocket | Distributed Computing | An MQTT client connects and publishes a flood of messages, as an attack over Websocket, to a Mosquitto server. |
| MQTT One Arm Connect and Flood Subscribe over Websocket | Distributed Computing | An MQTT client connects and floods subscribe requests, as an attack over Websocket, to a Mosquitto server. |

New Strikes (13)

| CVSS | ID | References | Category | Info |
| --- | --- | --- | --- | --- |
| 9.0 | E19-0rz81 | BID-106728, CVE-2019-1652, CVSS-9.0 (AV:N/AC:L/AU:S/C:C/I:C/A:C), EXPLOITDB-46243, URL | Exploits | This strike exploits an OS command injection vulnerability found in Cisco Small Business RV320 and RV325 routers. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by crafting a special HTTP POST request. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. |
| 7.8 | E19-0rz91 | BID-106732, CVE-2019-1653, CVSS-7.8 (AV:N/AC:L/AU:N/C:C/I:N/A:N), EXPLOITDB-46262, URL | Exploits | This strike exploits an information disclosure vulnerability found in Cisco Small Business RV320 and RV325 routers. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. |
| 7.8 | D19-5iu71 | BID-101085, CVE-2018-11615, CVSS-7.8 (AV:N/AC:L/AU:N/C:N/I:N/A:C), URL, ZDI-18-583 | Denial | This strike exploits a denial of service vulnerability in the Mosca MQTT broker. When evaluating an invalid regex contained in an MQTT subscribe message, Mosca will terminate abnormally, leading to a denial of service condition. |
| 7.6 | D19-0pmx1 | BID-106112, CVE-2018-8617, CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C), EXPLOITDB-46202 | Denial | This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists inside the JavaScript Chakra engine. It is possible to craft JavaScript in such a way that when a push or pop method is used on an object with a numeric property, the associated InlineArrayPop or InlineArrayPush instruction is called. It is possible to cause type confusion, allowing for a denial of service condition to occur or potentially remote code execution. |
| 7.5 | E19-0nur1 | CVE-2018-6307, CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), URL | Exploits | This strike exploits a heap use-after-free vulnerability in libVNC LibVNCServer. The vulnerability is due to improper validation of the file transfer request size by the File Transfer extension. Successful exploitation may result in remote code execution on the target server. |
| 6.8 | E19-5oon1 | CVE-2018-19191, CVSS-6.8 (AV:N/AC:L/AU:S/C:C/I:N/A:N), URL | Exploits | This strike exploits a cross-site scripting vulnerability in Webmin. The vulnerability results from the lack of sanitization when displaying the POST parameter 'history' in '/shell/index.cgi'. Successful exploitation leads to arbitrary code execution in visitors' browsers or credential theft. |
| 6.8 | E19-5jtw1 | CVE-2018-12900, CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P), URL | Exploits | This strike exploits a buffer overflow vulnerability in the tiffcp component of libtiff. The vulnerability is due to insufficient input validation of an unknown TIFF header field. A remote attacker could exploit this vulnerability by enticing a user to import a specially crafted TIFF file. Successful exploitation could lead to arbitrary code execution or denial-of-service conditions in the context of the user. |
| 6.8 | E19-0meu1 | CVE-2018-4438, CVSS-6.8 (AV:N/AC:L/AU:N/C:P/I:N/A:P) | Exploits | This strike exploits a vulnerability in Webkit. Specifically, it is possible to create an array having a Proxy object in the prototype chain. This may cause a denial of service condition in the browser or allow for remote code execution to occur. |
| 6.4 | E19-5p751 | BID-106130, CVE-2018-19857, CVSS-6.4 (AV:N/AC:L/AU:N/C:P/I:N/A:P), URL | Exploits | This strike exploits a use-before-initialization vulnerability in VLC Media Player. The vulnerability arises when a memory allocation fails due to a large enough 'ChunkSize' flag, thus leaving the 'p_peek' pointer uninitialized. By exploiting this, an attacker could cause information leaks on the target system. |
| 6.4 | E19-5jfn1 | BID-105460, CVE-2018-12387, CVSS-6.4 (AV:N/AC:L/AU:N/C:P/I:N/A:P) | Exploits | This strike exploits an information disclosure vulnerability in the Mozilla Firefox browser. Specifically, the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that result in the stack pointer being off by 8 bytes. When this occurs, a memory address gets leaked that can be used as part of an exploit. This strike demonstrates the information disclosure by dumping the leaked memory addresses. |
| 4.3 | E19-0zkj1 | CVSS-4.3 (AV:N/AC:M/AU:N/C:P/I:N/A:N), EXPLOITDB-46099, URL | Exploits | This strike exploits an out-of-memory vulnerability in Chrome's JavaScript V8 engine. The vulnerability resides in the way the browser's engine handles dynamically created arrays. By exploiting the vulnerability, an attacker is able to cause denial of service conditions on the target's browser. |
| 4.3 | E19-0m1g1 | CVE-2018-3956, CVSS-4.3 (AV:N/AC:M/AU:N/C:P/I:N/A:N), URL | Exploits | An out-of-bounds read vulnerability exists in Foxit Reader and PhantomPDF. This vulnerability is due to improper handling of the xdpContent property of a submit object. A remote attacker could exploit this vulnerability by enticing a user to open a malicious PDF document. Successful exploitation would allow the attacker to gain sensitive information that may help in further attacks. |
| 4.0 | E19-w7qm1 | CVSS-4.0 (AV:N/AC:L/AU:S/C:P/I:N/A:N), URL | Exploits | This strike exploits a stored Cross-Site Scripting vulnerability in the WordPress MapSVG Plugin. The vulnerability is a consequence of no user input sanitization when storing the 'data[mapsvg_data]'. Successful exploitation leads to arbitrary code execution in visitors' browsers or credential theft. |