Ixia ATI Update 2016-15 (275253)

Defects Resolved

Ticket | Info
DE6250 | This update resolves an issue in which legitimate UDP strikes passing through an SNAT DUT were blocked because of address translation.
DE6323 (1405313) | The "Skip Action When NAT Disabled" setting that appears in actions such as "Conditional Request", "Update Flow Dest Port", etc. has been updated to make its purpose clearer.
DE6333 | In the "Diameter Rx" and "Diameter Rx Interface" Super Flows, the "Framed IP Address" parameter type was changed from a hexadecimal string to dotted-decimal IP address format.
DE6363 (1406633) | This update resolves an issue in the "HTTP Redirect" Super Flow in which HTTP connections were either closed via TCP RST or not closed at all. Additionally, the "Host" header in each HTTP GET now carries the correct value.
DE6403 (1407861) | This update fixes the "User-specified HTTP host header" and "Use the target IP address" options of the "VirtualHostnameType" security evasion setting.

Enhancements

Ticket | Info
US37442 (1381132) | Added a new canned test that simulates multiple crypto_NAK messages being sent in order to exploit CVE-2015-7871.
US49250 | Modified Strike E16-3ns01 to include four additional vulnerable function IDs. The vulnerable application has multiple function IDs that are vulnerable to buffer overflow; the strike previously exploited only one of them and now exploits five.
US49850 | When a Conditional Request match/nomatch block has no associated action, the implicit behavior is to advance to the next action in the Super Flow. This update makes that implicit behavior explicit by adding actions to configured match/nomatch blocks that had none. Accordingly, each of the following Super Flows has been updated so that every match and nomatch in its Conditional Request actions has a corresponding action: Confirmed Kill Load Balancer 2010-08-03 load_balancer_clientsim, Confirmed Kill Load Balancer 2010-08-04 load_balancer_clientsim, flame, LOIC IRC Bot HTTP Request, BreakingPoint MySQL Database Advanced, Resiliency POP3 Client, Resiliency MySQL Client, BreakingPoint RTSP, BreakingPoint SMTP Email (Proxy Support), BreakingPoint SMTP Authenticated with Verify

New Protocols & Applications (1)

Name | Category | Info
Google Cache Jul16 | Social Networking/Search | Google takes a snapshot of each page it examines and caches (stores) that version as a back-up. The cached version is what Google uses to judge whether a page is a good match for your query. Practically every search result includes a Cached link; clicking it takes you to the Google cached version of that web page instead of the current version. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Super Flows (3)

Name | Category | Info
Google Cache | Social Networking/Search | The user performs a search, accesses the cached version of the page, and then directly queries Google for the cached version of another page by accessing webcache.googleusercontent.com. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Google Cache Directly Access the Cached Version | Social Networking/Search | The user directly queries Google for the cached version of a page by accessing webcache.googleusercontent.com. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Google Cache Search and Access Cached Version | Social Networking/Search | The user performs a search and accesses the cached version of the page. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Strikes (10)

CVSS | ID | References | Category | Info
10.0 | E15-9ia01 | APSB-15-32, BID-78715, CVE-2015-8434, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), EXPLOITDB-39072, GOOGLE-568 | Exploits | This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a use-after-free in Sound.setTransform. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash process.
10.0 | E15-9i701 | APSB-15-32, BID-78715, CVE-2015-8431, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), EXPLOITDB-39054, GOOGLE-574 | Exploits | This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a use-after-free in the TextField tabIndex setter. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash process.
10.0 | E15-9i601 | APSB-15-32, BID-78715, CVE-2015-8430, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), EXPLOITDB-39053, GOOGLE-576, SCIP-79695, SECURITYTRACKER-1034318 | Exploits | This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a use-after-free in the TextField text setter. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash process.
10.0 | E15-97i01 | APSB-15-28, BID-77533, CVE-2015-8046, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), EXPLOITDB-39019, GOOGLE-560 | Exploits | This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a use-after-free in the TextField antiAliasType setter. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash process.
9.3 | E13-32201 | BID-58327, CVE-2013-0074, CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C), MS13-022 | Exploits | This strike exploits a vulnerability in Microsoft Silverlight. The vulnerability is due to improper verification of a pointer when rendering an HTML object. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Silverlight application.
6.8 | E16-7gl01 | BID-91522, CVE-2016-5781, CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) | Exploits | This strike exploits a vulnerability in WECON's LeviStudio HMI software. Specifically, several stack buffer overflows exist in multiple attributes of an XML ump project file. If an overly large value is present in any of these attributes, a stack buffer overflows when the file is processed, causing a denial of service and potentially allowing remote code execution.
6.8 | E16-6hx01 | BID-91522, CVE-2016-4533, CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) | Exploits | This strike exploits a vulnerability in WECON's LeviStudio HMI software. Specifically, several heap buffer overflows exist in multiple attributes of an XML ump project file. If an overly large value is given for any of these attributes, a heap buffer overflows, causing a denial of service or potentially allowing remote code execution.
5.0 | E16-3nr01 | BID-80745, CVE-2016-0855, CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N), URL | Exploits | This strike exploits a directory traversal vulnerability in Advantech WebAccess. WebAccess has a removeFolder function that deletes a folder and its contents but does not sanitize directory traversal characters. An attacker can send a specially crafted HTTP request to delete arbitrary directories on the target system.
5.0 | D16-74w01 | BID-91138, CVE-2016-5360, CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P) | Denial | This strike exploits a vulnerability in HAProxy. Specifically, HTTP deny responses can be configured using the http-request deny and reqdeny keywords. When a configured reqdeny rule matches an incoming HTTP request, the server processes the match and uses it to look up the corresponding error message. The matched value will likely fall outside the bounds of the errormsg array, leading to memory corruption and a segmentation fault that causes a denial of service.
4.3 | E16-5i401 | CVE-2016-3244, CVSS-4.3 (AV:N/AC:M/AU:N/C:P/I:N/A:N), MS16-085 | Exploits | This strike exploits a vulnerability in Microsoft Edge. The vulnerability is due to how UTF-encoded characters are handled inside a TextNode object. When these characters are processed, the size of the TextNode content is calculated incorrectly. This incorrect value can lead to disclosure of memory contents, which may allow bypass of protection mechanisms such as ASLR.

Modified Strikes (1)

CVSS | ID | References | Category | Info
10.0 | E16-3ns01 | CVE-2016-0856, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), URL | Exploits | Modified Strike E16-3ns01 to include four additional vulnerable function IDs. The vulnerable application has multiple function IDs that are vulnerable to buffer overflow; the strike previously exploited only one of them and now exploits five.