Ticket | Info |
---|---|
DE6819 | Fixed the missing OPT field when the DNS response type is set to DNSKEY. The action now behaves as expected: with the fix, when the DO bit is set to true and the type is set to DNSKEY, an OPT field appears under the additional answers section. |
DE6865 | Updated Microsoft Tuesday StrikeLists to include all months for which Strikes are available; corrected ms keyword for 7 strikes (see Modified Strikes). |
DE6879 | Fixed an issue where some strikes sending HTTP traffic were encrypted when run with the SSL::EnableOnAllHTTP evasion profile (see Modified Strikes). |
DE6886 (1405368) | This fix resolves an issue where SSL sessions were being reused despite disabling the "Resume Max Reuse" and "Resume Expire" settings in the "Start TLS" action. |
DE6887 (1418366) | This update fixes an issue with the "GetAddr Reply" action provided by the "RPC BIND (Portmap)" flow. Previously, some message lengths generated incorrect padding. |
Ticket | Info |
---|---|
US58329 | Extended the LDAP flow action "Search Result Entry" to include support for multiple Attribute and Attribute value pairs. The values are imported via a JSON file specified by the user. Two new parameters have been added: "Partial Attribute List" and "Include Result Done". Existing functionality has not been altered. |
US57972 | Added new Application mixes emulating the Sandvine 2016 Internet trends for the Asia Pacific, Africa and Middle East regions. |
Name | Category | Info |
---|---|---|
Kelihos Command-and-Control Botnet | Security | Kelihos Botnet is a peer-to-peer botnet, where individual botnet nodes are capable of acting as command-and-control servers for the entire botnet. |
BuzzFeed Nov 16 | Social Networking/Search | BuzzFeed is a social news and entertainment web site where users can easily navigate to the latest items that are currently creating the most 'buzz'. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
GoToMeeting Oct16 | Voice/Video/Media | GoToMeeting is a web-hosted service created and marketed by the Online Services division of Citrix Systems. It is an online meeting, desktop sharing, and video conferencing software that enables the user to meet with other computer users, customers, clients or colleagues via the Internet in real time. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
Name | Category | Info |
---|---|---|
DDoS CLDAP Flood | Authentication | The CLDAP (Connectionless LDAP) flood sends a flood of UDP datagrams targeted at a server. It is a reflection attack caused by a forged request for all attributes supported by the reflecting LDAP server. |
Kelihos Command-and-Control Botnet Communication | Security | This traffic emulates a Kelihos Command-and-Control Botnet Communication session. It demonstrates the actions a peer can perform in order to exchange encrypted data with the server. |
BuzzFeed Nov. 2016 | Social Networking/Search | BuzzFeed is a social news and entertainment web site where users can easily view the latest items that are currently creating the most 'buzz'. In this emulation a user, who is not logged into BuzzFeed, navigates to a number of items of interest. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
GoToMeeting Mobile | Voice/Video/Media | Traffic that simulates signing in, starting and joining a meeting from the mobile app. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
GoToMeeting Mobile Join Meeting | Voice/Video/Media | Traffic that simulates signing in and joining an existing meeting from the mobile app. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
GoToMeeting Mobile Start Meeting | Voice/Video/Media | Traffic that simulates signing in and starting a meeting from the mobile app. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
GoToMeeting Web App | Voice/Video/Media | Traffic that simulates using the GoToMeeting web app from a browser. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
YouTube September 2016 Bandwidth | Voice/Video/Media | Traffic that simulates some of the actions a user can perform on the YouTube website without DNS flow. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
Google Safe Browsing Bandwidth | Social Networking/Search | Traffic that simulates Google Safe Browsing, where a URL is matched against lists of URLs with web resources that contain malware or phishing content. The parameters here are set for high bandwidth that could be used in Sandvine profiles. |
Name | Info |
---|---|
Sandvine Africa Fixed Access 2016 October | Traffic emulating the mix of applications reported in the Sandvine Global Internet Phenomena Report October 2016 for Africa Fixed Access. |
Sandvine Africa Mobile Access 2016 October | Traffic emulating the mix of applications reported in the Sandvine Global Internet Phenomena Report October 2016 for Africa Mobile Access. |
Sandvine Asia Pacific Fixed Access 2016 October | Traffic emulating the mix of applications reported in the Sandvine Global Internet Phenomena Report October 2016 for Asia Pacific Fixed Access. |
Sandvine Asia Pacific Mobile Access 2016 October | Traffic emulating the mix of applications reported in the Sandvine Global Internet Phenomena Report October 2016 for Asia Pacific Mobile Access. |
Sandvine Middle East Mobile Access 2016 October | Traffic emulating the mix of applications reported in the Sandvine Global Internet Phenomena Report October 2016 for Middle East Mobile Access. |
Name | Info |
---|---|
DDoS CLDAP Flood | The CLDAP (Connectionless LDAP) flood sends a flood of UDP datagrams targeted at a server. It is a reflection attack caused by a forged request for all attributes supported by the reflecting LDAP server. |
CVSS | ID | References | Category | Info |
---|---|---|---|---|
10.0 | E16-7v901 | BID-93177 CVE-2016-6309 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) URL | Exploits | This strike exploits a use after free vulnerability in OpenSSL. The vulnerability is caused by an error that occurs when reallocating a message with a size greater than 16k bytes in the tls_get_message_header function. Successful exploitation may result in execution of arbitrary code or abnormal termination of the vulnerable OpenSSL server. |
10.0 | E16-3rq01 | APSB-16-08 BID-84312 CVE-2016-0998 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) GOOGLE-716 | Exploits | This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to an uninitialized stack parameter access in object.unwatch. An attacker can entice a target to open a specially crafted flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the flash process. |
10.0 | E16-3rp02 | APSB-16-08 BID-84312 CVE-2016-0997 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) GOOGLE-715 | Exploits | This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to an uninitialized stack parameter access in MovieClip.swapDepths. An attacker can entice a target to open a specially crafted flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the flash process. |
10.0 | E15-8wg01 | APSB-15-27 BID-77116 CVE-2015-7648 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) GOOGLE-545 | Exploits | This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a type confusion in serialization with ObjectEncoder.dynamicPropertyWriter. An attacker can entice a target to open a specially crafted flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the flash process. |
10.0 | E15-8wf01 | APSB-15-27 BID-77115 CVE-2015-7647 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) GOOGLE-548 | Exploits | This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a type confusion in IExternalizable.readExternal when performing local serialization. An attacker can entice a target to open a specially crafted flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the flash process. |
10.0 | E15-7av01 | APSB-15-23 BID-76799 CVE-2015-5575 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) GOOGLE-452 | Exploits | This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a wild write at 0x453b0cf0 in color conversion. An attacker can entice a target to open a specially crafted flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the flash process. |
9.3 | E16-8jp01 | BID-93427 CVE-2016-7189 CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) MS16-119 | Exploits | This strike exploits a vulnerability in the Microsoft Edge Browser. Specifically, a type confusion vulnerability exists in the Microsoft Edge module Chakra.dll. A malicious attacker can craft JavaScript in such a way that when Array.join is called on an array of elements it is possible to reference the array's prototype if it has a getter function. If this function returns an element of a different type to the calling function to assign to the array, type confusion can occur. This can lead to a disclosure of memory contents. It may also be possible to cause a denial of service condition in the browser or achieve remote code execution by corrupting these memory contents in a specified manner. |
9.3 | E16-5m101 | BID-93397 CVE-2016-3385 CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) MS16-118 | Exploits | This strike exploits a vulnerability in Microsoft Internet Explorer. Specifically, a type confusion vulnerability exists in the Microsoft scripting engine's Join function. A malicious attacker can craft code in such a way that when Join is called upon an array object after its contents have been changed, the reference to the original object is kept. If the type of the object in the array has changed it will result in type confusion. It may also be possible to cause a denial of service condition in the browser or achieve remote code execution by corrupting these memory contents in a specified manner. |
7.6 | E16-8ju01 | BID-93399 CVE-2016-7194 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) MS16-119 | Exploits | This strike exploits a vulnerability in the Microsoft Edge Browser. Specifically, a type confusion vulnerability exists in the Microsoft Edge module Chakra.dll. A malicious attacker can craft JavaScript in such a way that when the TemplatedForEachItemInRange method is called on an array believing it is of type int, the method will disclose memory contents of the non-integer object in the array. |
7.6 | E16-8jq01 | BID-93428 CVE-2016-7190 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) MS16-119 | Exploits | This strike exploits a vulnerability in the Microsoft Edge Browser. Specifically, a type confusion vulnerability exists in the Microsoft Edge module Chakra.dll. A malicious attacker can craft JavaScript in such a way that when a proxy object is created and Array.map is called upon that object, memory information can be disclosed. It may also be possible to cause a denial of service condition in the browser or achieve remote code execution by corrupting these memory contents in a specified manner. |
CVSS | ID | References | Category | Info |
---|---|---|---|---|
10.0 | G04-35w01 | BID-10708 CVE-2004-0212 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) MS04-022 URL | Generic | Updated Microsoft Tuesday StrikeLists to include all months for which Strikes are available; corrected ms keyword for this strike. |
10.0 | E15-49f01 | BID-74013 CVE-2015-1635 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) MS15-034 | Exploits | Updated Microsoft Tuesday StrikeLists to include all months for which Strikes are available; corrected ms keyword for this strike. |
9.3 | G03-3mx01 | BID-9624 CVE-2003-0825 CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) MS04-006 URL | Generic | Updated Microsoft Tuesday StrikeLists to include all months for which Strikes are available; corrected ms keyword for this strike. |
9.3 | E13-wn801 | BID-57114 CVE-2013-0003 CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) MS13-004 URL | Exploits | Updated Microsoft Tuesday StrikeLists to include all months for which Strikes are available; corrected ms keyword for this strike. |
8.7 | E15-4mw01 | BID-74801 CVE-2015-2120 CVSS-8.7 (AV:N/AC:L/AU:S/C:C/I:P/A:C) URL | Exploits | Fixed an issue where some strikes sending HTTP traffic were encrypted when run with the SSL::EnableOnAllHTTP evasion profile. |
7.5 | G04-33b01 | BID-10113 CVE-2004-0119 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) MS04-011 URL | Generic | Updated Microsoft Tuesday StrikeLists to include all months for which Strikes are available; corrected ms keyword for this strike. |
7.5 | G04-3nj01 | BID-11342 CVE-2004-0847 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) MS05-004 URL | Generic | Updated Microsoft Tuesday StrikeLists to include all months for which Strikes are available; corrected ms keyword for this strike. |
7.5 | E12-5il02 | BID-55273 CVE-2012-3264 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) | Exploits | Fixed an issue where some strikes sending HTTP traffic were encrypted when run with the SSL::EnableOnAllHTTP evasion profile. |
7.5 | E13-3t501 | BID-62902 CVE-2013-4824 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) ZDI-13-240 | Exploits | Fixed an issue where some strikes sending HTTP traffic were encrypted when run with the SSL::EnableOnAllHTTP evasion profile. |
6.5 | E16-48901 | CVE-2016-1593 CVSS-6.5 (AV:N/AC:L/AU:S/C:P/I:P/A:P) URL | Exploits | Fixed an issue where some strikes sending HTTP traffic were encrypted when run with the SSL::EnableOnAllHTTP evasion profile. |
5.1 | G06-5bq01 | BID-18583 CVE-2006-3014 CVSS-5.1 (AV:N/AC:H/AU:N/C:P/I:P/A:P) MS06-069 URL | Generic | Updated Microsoft Tuesday StrikeLists to include all months for which Strikes are available; corrected ms keyword for this strike. |