Ixia ATI Update 2017-19 (316658)

Defects Resolved

Ticket | Info
DE8517 (1454155) | Improved logic for detecting when to apply the HTTP::IgnoreHeaders evasion protocol. Test results will now ignore HTTP headers when determining blocked/allowed for FileTransfer strikes when Transport Protocol is set to HTTP, or when Transport Protocol is set to All and the payload is sent via HTTP; and for non-FileTransfer strikes that send HTTP content.
US74242 | Fixed an issue for SMB strikes caused by the FileID being nil for all SMB requests following a Write AndX Request when run against a real target.

Enhancements

Ticket | Info
US74074 | Two new parameters for the MQTT action "Send PUBLISH" have been added: "Payload from file", which allows the user to retrieve the content of a file as the payload of a Publish message, and "File encoding", which allows the user to encode the payload extracted from the file.
US75324 | Deprecated the application protocol 'Office 365 Excel Online Jul15' and the 'Office 365 Excel Jul 15', 'Office 365 Excel Jul 15 Create Workbook' and 'Office 365 Excel Jul 15 Open Workbook' super flows.
US75330 | Deprecated the application protocol 'Office 365 PowerPoint Online Jul15' and the 'Office 365 PowerPoint Jul 15', 'Office 365 PowerPoint Jul 15 Create Presentation' and 'Office 365 PowerPoint Jul 15 Open Presentation' super flows.
US75331 | Deprecated the application protocol 'Office 365 Word Online Jul15' and the 'Office 365 Word Jul 15' super flow.

New Protocols & Applications (2)

Name | Category | Info
CiscoSpark Aug17 | Chat/IM | Cisco Spark is a work collaboration platform developed by Cisco which includes instant messaging, video conferencing, file sharing and other features. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Kodi Sep17 | Voice/Video/Media | Kodi is a free and open-source media player that allows users to play and view digital media files from local and network storage media and the Internet. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Super Flows (6)

Name | Category | Info
Cisco Spark Send File | Chat/IM | The user first signs into the Cisco Spark desktop application. Next, the user adds a new contact. Then, the user sends a file to the contact. Finally, the user signs out of the application. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Cisco Spark Text Chat | Chat/IM | The user first signs into the Cisco Spark desktop application. Next, the user adds a new contact. Then, the user uses the text message feature to communicate with the contact. Finally, the user signs out of the application. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Cisco Spark Video Call | Chat/IM | The user first signs into the Cisco Spark desktop application. Next, the user adds a new contact. Then, the user uses the voice/video call feature to communicate with the contact. Finally, the user signs out of the application. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Kodi Sep 17 Install Add-ons | Voice/Video/Media | Simulates the installation of several add-ons in Kodi Media Player. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Kodi Sep 17 Play Audio | Voice/Video/Media | Simulates audio streaming in Kodi Media Player. The user searches for an audio stream, plays the selected audio and downloads the lyrics. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Kodi Sep 17 Play Video | Voice/Video/Media | Simulates video streaming in Kodi Media Player. The user searches for a video stream, plays the selected video and downloads a subtitle. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Strikes (10)

CVSS | ID | References | Category | Info
10.0 | E16-09ds3 | BID-97599, CVE-2016-7552, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), MSF-MODULES/EXPLOITS/MULTI/HTTP/TRENDMICRO_THREAT_DISCOVERY_ADMIN_SYS_TIME_CMDI.RB | Exploits | This strike exploits a directory traversal vulnerability in Trend Micro's Threat Discovery Appliance. A pre-authenticated attacker can send an HTTP request to the device that causes a configuration file to be deleted. This may cause a denial of service, and when the server is rebooted the login password is reset to the default, bypassing authentication and allowing the attacker to log in.
9.0 | E17-3eg31 | BID-100829, CVE-2017-12611, CVSS-9.0 (AV:N/AC:M/AU:N/C:C/I:C/A:N), URL | Exploits | This strike exploits a remote code execution vulnerability in Apache Struts2. When an unintentional expression is used in a Freemarker tag instead of a string literal, an attacker can craft a malicious payload that may allow remote code execution.
8.5 | E17-3edq1 | BID-100367, CVE-2017-12526, CVSS-8.5 (AV:N/AC:M/AU:S/C:C/I:C/A:C), URL, ZDI-17-690 | Exploits | This strike exploits an Expression Language injection vulnerability in Hewlett Packard Enterprise (HPE) Intelligent Management Center. The vulnerability is due to improper input validation of HTTP request parameters. A remote, authenticated attacker can execute arbitrary code on the targeted system by sending a crafted HTTP request to the target server.
8.5 | E17-3ecr1 | BID-100367, CVE-2017-12491, CVSS-8.5 (AV:N/AC:M/AU:S/C:C/I:C/A:C), URL, ZDI-17-655 | Exploits | This strike exploits an Expression Language injection vulnerability in Hewlett Packard Enterprise (HPE) Intelligent Management Center. The vulnerability is due to improper input validation of the HTTP POST request payload. A remote, authenticated attacker can execute arbitrary code on the targeted system by sending a crafted HTTP request to the target server.
7.8 | D17-0itt1 | BID-100611, CVE-2017-9793, CVSS-7.8 (AV:N/AC:L/AU:N/C:N/I:N/A:C), SCIP-106166, SECURITYTRACKER-1039262, URL | Denial | This strike exploits a denial of service vulnerability in the Apache Struts2 REST plugin. An attacker can send a crafted XML file to cause the application server to terminate. Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 are vulnerable.
7.6 | E17-0hyn1 | BID-100071, CVE-2017-8671, CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C), EXPLOITDB-42475, GOOGLE-1295 | Exploits | This strike exploits a vulnerability in Microsoft Edge's Chakra JavaScript engine. Chakra uses args.Info.Count - 1 as the length of the arguments, so this value must be 1 or greater. However, a condition exists in which args.Info.Count can be decremented to 0. This may result in a denial of service in the browser or potentially lead to remote code execution.
7.6 | E17-0hy81 | BID-100033, CVE-2017-8656, CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C), EXPLOITDB-42464, GOOGLE-1266 | Exploits | This strike exploits a vulnerability in Microsoft Edge's Chakra JavaScript engine. Specifically, when a destructuring assignment is passed as the argument of a catch statement, the variable inside it is not properly initialized. The use of this uninitialized memory when the variable is referenced later may result in a denial of service in the browser or potentially lead to remote code execution.
7.5 | E16-09dn7 | BID-97610, CVE-2016-7547, CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), MSF-MODULES/EXPLOITS/MULTI/HTTP/TRENDMICRO_THREAT_DISCOVERY_ADMIN_SYS_TIME_CMDI.RB | Exploits | This strike exploits a vulnerability in Trend Micro's Threat Discovery Appliance. Specifically, a post-authentication file disclosure vulnerability exists in the handling of the timezone parameter of the admin_sys_time.cgi interface. A malicious user who is logged in can dump file contents as the root user. This exploit can be used in conjunction with CVE-2016-7552, the Trend Micro Threat Discovery Appliance authentication bypass vulnerability, to gain access to the device.
5.0 | D17-m9w51 | BID-100583, CVE-2017-14098, CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P), SCIP-106088, SECURITYTRACKER-1039253, URL | Denial | This strike exploits a denial of service vulnerability in Digium Asterisk. When processing the URI in the To, From, or Contact fields, Asterisk does not verify that the value is a valid SIP URI. If the value is a non-SIP URI, it is type cast differently from a SIP URI and later processed as a SIP URI. This results in an out-of-bounds read that causes abnormal termination of the Asterisk service, resulting in a denial of service condition.
4.3 | E17-m9y51 | BID-100793, CVE-2017-8710, CVSS-4.3 (AV:N/AC:M/AU:N/C:P/I:N/A:N), SECURITYTRACKER-1039325 | Exploits | This strike exploits an information disclosure vulnerability in the Microsoft Common Console Document. The vulnerability is due to improper parsing of XML input containing a reference to an external entity. Successful exploitation allows an attacker to read arbitrary files via an XML external entity (XXE) declaration.

Modified Strikes (1)

CVSS | ID | References | Category | Info
N/A | G11-1r901 | | Generic | Improved logic for detecting when to apply the HTTP::IgnoreHeaders evasion protocol. Test results will now ignore HTTP headers when determining blocked/allowed for FileTransfer strikes when Transport Protocol is set to HTTP, or when Transport Protocol is set to All and the payload is sent via HTTP; and for non-FileTransfer strikes that send HTTP content.