Ixia ATI Update ATI-2019-22 (373679)

Enhancements

Ticket Info
ATIBPS-16252 Added new action "Game Download" to Steam.
ATIBPS-16215 The 1-arm SuperFlow should have the External Host IP in the NN set to 8.8.4.4 or 1.1.1.1 to work against the real service. THIS ONLY WORKS AGAINST DNS.GOOGLE ON OCTOBER 2019. Please refer to this link for more details: https://www.ixiacom.com/company/blog/using-breakingpoint-test-dns-over-https-doh-services-part-1
ATIBPS-16211 This ClientSim superflow serves as an example showing how to build an HTTP2 1-arm test against an Apache2 HTTP2 server. Since the ALPN extension used in the Start_TLS action in this superflow is only available on the BPS 9.00+ platform, this superflow is not available for older versions.
ATIBPS-16210 The 1-arm SuperFlow should have the External Host IP in the NN set to 8.8.4.4 or 1.1.1.1 to work against the real service. This ClientSim only works on BPS 9.0.0+ platforms, since ALPN is used in the TLS handshake to initiate the HTTP2 connection. THIS ONLY WORKS AGAINST DNS.GOOGLE ON OCTOBER 2019. Please refer to this link for more details: https://www.ixiacom.com/company/blog/using-breakingpoint-test-dns-over-https-doh-services-part-1
ATIBPS-12810 Added Brotli compression support in HTTP based applications.

New Protocols & Applications (3)

Name | Category | Info
Office365 Sway Nov19 | Distributed Computing | Simulates the use of the Microsoft Office 365 Sway website as of November 2019. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Amazon e-commerce Nov19 | Financial | Simulates the use of the Amazon e-commerce website as of November 2019. This protocol can be used to simulate an Amazon user performing actions like Sign in, Search for an item, Add it to cart, Remove it from cart and Sign out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Soundcloud Nov 19 | Voice/Video/Media | Simulates the use of the Soundcloud application. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Super Flows (11)

Name | Category | Info
Office365 Sway Nov 19 | Distributed Computing | Simulates the use of the Microsoft Office 365 Sway as of November 2019. The user signs in, creates a sway, plays, views another presentation and signs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Office365 Sway Nov 19 Create Presentation | Distributed Computing | Simulates the use of the Microsoft Office 365 Sway as of November 2019. The user signs in, creates a sway and signs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Office365 Sway Nov 19 Preview Presentation | Distributed Computing | Simulates the use of the Microsoft Office 365 Sway as of November 2019. The user signs in, previews a sway and signs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Amazon e-commerce Nov19 | Financial | Simulates the use of the Amazon e-commerce website as of November 2019. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Amazon e-commerce Nov19 Search Item | Financial | Simulates searching for an item on the Amazon e-commerce website as of November 2019. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Soundcloud Nov 19 | Voice/Video/Media | Simulates the use of the Soundcloud website. The user accesses the sign in page, signs in, searches for a track, plays the track, pauses the track and signs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The 'Max. Request/Response Pairs per Action' and 'Max. Generated File Size' flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Soundcloud Nov 19 Search Track | Voice/Video/Media | Simulates the use of the Soundcloud website. The user accesses the sign in page, signs in, searches for a track, plays the track and signs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The 'Max. Request/Response Pairs per Action' and 'Max. Generated File Size' flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Steam Game Download | Games | This simulates a login to the Steam gaming network and a game download.
DoH ClientSim for GoogleDNS | System/Network Admin | The client interacts with the Google DoH server by first sending an RFC8484 DNS query via an HTTP GET request, followed by a conditional request expecting a 'status: 200' from the server with the desired result; then the client sends the same query via an HTTP POST request, followed by a conditional request with the same result; lastly, the client sends a third query via an HTTP GET request using GoogleDNS's JSONAPI, followed by a conditional request expecting a 'status: 200'.
DoH ClientSim for GoogleDNS - HTTP2 | System/Network Admin | The client interacts with the Google DoH server by first sending an RFC8484 DNS query via an HTTP2 GET request, followed by a conditional request expecting a 'status: 200' from the server; then the client sends the same query via an HTTP2 POST request, followed by a conditional request with the same expectation; lastly, the client sends a third query via an HTTP2 GET request using GoogleDNS's JSONAPI, followed by a conditional request expecting 'status: 200'.
HTTP2 ClientSim | System/Network Admin | The client interacts with an Apache2 HTTP2 server by first sending a GET request for a file, followed by a conditional request expecting a ':status 200' from the server; then the client sends a POST to the server, followed by another conditional request expecting a second ':status: 200' response.

New Strikes (5)

CVSS | ID | References | Category | Info
7.6 | E19-0rfg1 | CVE-2019-0940; CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C); URL | Exploits | This strike exploits a double-free vulnerability in the Microsoft Edge browser. The vulnerability lies within the rendering component. It is possible to partially initialize canvas pattern objects and trigger a double-free. This may lead to arbitrary read-write in the browser or potentially remote code execution.
7.6 | E19-0pc52 | BID-104369; CVE-2018-8229; CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C); EXPLOITDB-45013; GOOGLE-1560 | Exploits | This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists within the JavaScript Chakra engine. An attacker can craft JavaScript in such a way that SetConcatStrMultiItemBE instructions can be hoisted without properly validating its type. This causes type confusion to occur, and can lead to a denial of service condition in the browser or potentially remote code execution.
7.5 | E19-7nk31 | CVE-2019-11043; CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P); URL | Exploits | A buffer underflow vulnerability exists in PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11. The vulnerability resides in the 'init_request_info (fpm_main.c)' function and is a side-effect of no string length check when FCGI parameters are received from an nginx server. An unauthenticated remote attacker can exploit the flaw to execute arbitrary code on the target server.
7.5 | E19-7os61 | CVE-2019-12630; CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P); URL | Exploits | This strike exploits an insecure Java deserialization vulnerability in Cisco Security Manager. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of the user running the CSM service.
6.8 | E19-0m8u4 | CVE-2018-4222; CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P); EXPLOITDB-44859; GOOGLE-1545 | Exploits | This strike exploits a vulnerability in the Apple Safari browser. Specifically, the vulnerability exists when compiling WebAssembly source buffers in WebKit. The source buffer is copied to a read-only buffer, and if this buffer is a view, the offset is added to the buffer which can potentially allow for heap memory to be read off of the source. This can result in a denial of service condition in the browser or possibly remote code execution.

Defects Resolved

Ticket Info
ATIBPS-16283 The old versions of "Office 365 Sway Jul 15" and "Office 365 People Jul 15" application protocols have been deprecated.
ATIBPS-16276 Updated E19-7n201 to not encode the HTTP POST body.
ATIBPS-16217 Set "client_identifier" parameter type to string for MQTT.
ATIBPS-16143 Fixed Diameter protocol bug where user assigned hop-by-hop ID and end-to-end ID were ignored.
ATIBPS-16136 Removed ports 443 and 4443 (typically associated with SSL) from E11-5lk01.
ATIBPS-8108 Fixed problems with the NLRI Token for the BGP Protocol.
ATIBPS-8047 Fixed some malformed HTTP header fields such as status result and status codes, along with some host names.
ATIBPS-16277 Removed strike G11-3rm01 due to use of un-decryptable SSL.