Ixia ATI Update 2017-22 (319514)

Defects Resolved

Ticket Info
DE8703 (1458129) Strike E17-0hv01 (referencing CVE-2017-8540) sometimes failed to send its malicious JavaScript file. This is now fixed for all strike variants.
DE8670 (1457111) Fixed an issue in the Evasion Profile for strike E13-32301 (referencing CVE-2013-0075): when "TCP DestinationPortType" was set to "static", the configured "TCP DestinationPort" value was ignored.

Enhancements

Ticket Info
US77127 Two new actions were added to the WebSocket protocol: "Load WebSocket Messages" and "Issue WebSocket Messages". These actions make it easy to generate a large and controllable amount of WebSocket traffic. The new Super Flow "WebSocket Message Generation" was added to demonstrate this feature.
US77131 SSL strikes now support the following DHE ciphers: DHE-RSA-AES128-GCM-SHA256, DHE-RSA-AES256-GCM-SHA384, DHE-RSA-AES128-SHA, DHE-RSA-AES256-SHA, DHE-RSA-AES128-SHA256 and DHE-RSA-AES256-SHA256. By default, SSL strikes now use DHE-RSA-AES128-GCM-SHA256.
US77578 Modified the QUIC application's Send Packet action to support tokens in the Sequence Number field. For example, the sequence number can be incremented in a goto loop using the token ##int_C(seed_goto_iteration,1,255)##.
US77984 Renamed three Super Flows to indicate that they are intended to be used with TrafficRewind/LiveAppSim: 'Unclassified Bandwidth - UDP' to 'TrafficRewind Unclassified Bandwidth - UDP', 'Unclassified Bandwidth - TCP' to 'TrafficRewind Unclassified Bandwidth - TCP', and 'Bandwidth HTTP Dynamic Host' to 'TrafficRewind Bandwidth HTTP Dynamic Host'.
US77985 Altered the response size of the Super Flow 'TrafficRewind BreakingPoint Bandwidth HTTP Dynamic Host' to a minimum of 51200 bytes and a maximum of 1024000 bytes.

New Protocols & Applications (2)

Name Category Info
GoogleSheets Oct 17 Data Transfer/File Sharing Google Sheets is a web application that allows users to create, edit and share spreadsheets with others using only a web browser. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Jira Service Desk Oct17 Enterprise Applications Jira Service Desk Cloud is a place for employees to ask for help, report incidents, or request new services. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Super Flows (6)

Name Category Info
Bandwidth QUIC Data Transfer/File Sharing Simulates a high-bandwidth QUIC connection: a simple HTTP request followed by a large response, carried on stream 2.
WebSocket Message Generation System/Network Admin This Super Flow starts a conversation between two peers and then sends the messages contained in a file between the two peers.
Google Sheets Oct 17 Data Transfer/File Sharing The user navigates to the Google Sheets site, signs in with an email address, starts a new sheet from a blank template, names the new sheet and enters data, shares the sheet with another user, and then signs out of the application.
Jira Service Desk Help Center Issue Oct17 Enterprise Applications Simulates a client creating a new system issue via Help Center. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Jira Service Desk Issue Management Oct17 Enterprise Applications Simulates a user logging in and then searching, commenting on, editing and creating issues. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Jira Service Desk Project Management Oct17 Enterprise Applications Simulates a user that views and selects projects. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Strikes (10)

CVSS ID References Category Info
9.3 E17-3dsz1 CVE-2017-11779
CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C)
ZDI-17-846
URL
Exploits This strike exploits a heap-based buffer overflow vulnerability in the Microsoft Windows DNSAPI library. The vulnerability is due to improper handling of some fields in NSEC3 resource records received in a DNS response. An attacker could remotely execute arbitrary code on a target system by sending a malicious DNS response.
7.8 E16-qlne1 CVSS-7.8 (AV:N/AC:L/AU:N/C:C/I:N/A:N)
URL
Exploits This strike exploits a directory traversal vulnerability in Oracle GlassFish 4.1 and earlier. It is exploited by issuing a crafted HTTP GET request in which the forward slash (/) is replaced by the malformed percent-encoded sequence %C0%2F. The vulnerability allows attackers to read arbitrary files on the server.
7.8 E17-3dt11 BID-101140
CVE-2017-11781
CVSS-7.8 (AV:N/AC:L/AU:N/C:N/I:N/A:C)
URL
ZDI-17-843
Denial This strike exploits an out-of-bounds read vulnerability in Microsoft Windows SMB Server. The vulnerability can be triggered by sending a crafted request to the target system. By exploiting this vulnerability, an attacker could crash the target server. NOTE: When run in OneArm mode, the strike requires /Users to be shared with Anonymous access enabled.
7.6 E17-ma3t1 BID-101138
CVE-2017-11811
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
SECURITYTRACKER-1039529
Exploits This strike exploits a vulnerability in Microsoft Edge, specifically within the Chakra engine's DoBodyLoopStart function. When iterating through a loop that contains a switch statement, it is possible to craft JavaScript that causes an out-of-bounds memory read: DoBodyLoopStart calls compiled code containing an offset that reads a memory address outside the bounds of the allocated dynamic code.
7.6 E17-m9ym1 BID-100726
CVE-2017-11764
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
SECURITYTRACKER-1039342
Exploits This strike exploits a vulnerability in Microsoft Edge, specifically within the Chakra engine's ParseCatch function. It is possible to craft JavaScript that causes a type confusion when a catch statement contains an eval call encapsulated in a destructuring assignment declaration. This can lead to a memory access violation, causing a denial of service in the browser or potentially allowing remote code execution.
7.5 E17-3fwc1 BID-101085
CVE-2017-14492
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a heap buffer overflow in dnsmasq. Router Solicitation messages are copied into a fixed-length buffer without length verification; an overly large length value triggers a heap buffer overflow. Successful exploitation may result in arbitrary code execution with root privileges.
7.5 E17-3fwb1 BID-101085
CVE-2017-14491
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
EXPLOITDB-42941
SECURITYTRACKER-1039474
URL
Exploits This strike exploits a heap overflow vulnerability in dnsmasq. The domain name field of a PTR record may be a two-byte compression pointer instead of a length-encoded name. dnsmasq converts the pointer into a length-encoded name before caching the data, so by using long extracted names an attacker can cause dnsmasq to cache a very long record. When the record is requested a second time, dnsmasq attempts to copy the cached message into a fixed-length heap buffer, resulting in a heap buffer overflow. Successful exploitation may result in arbitrary code execution with the privileges of the dnsmasq process, or abnormal termination of the process, resulting in a denial of service condition.
6.8 E17-0hha1 BID-100948
CVE-2017-8046
CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a remote code execution vulnerability in Pivotal Spring Data REST. The vulnerability is due to insufficient validation when handling PATCH requests: the "path" value of a JSON Patch operation is evaluated as a Spring Expression Language (SpEL) expression, so malicious PATCH requests submitted to spring-data-rest servers can use crafted JSON data to run arbitrary Java code.
6.8 E17-3flj2 BID-100971
CVE-2017-14103
CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P)
SCIP-106081
URL
Exploits This strike exploits a use-after-free vulnerability in GraphicsMagick. The vulnerability is due to improper management of image pointers after certain error conditions. An attacker could trigger the use-after-free by enticing a user to open a crafted file with the vulnerable software. NOTE: This vulnerability exists because of an incomplete fix for CVE-2017-11403.
6.8 E17-3dij1 BID-100968
CVE-2017-11403
CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P)
SCIP-103712
URL
Exploits This strike exploits a use-after-free vulnerability in GraphicsMagick. The vulnerability is due to an out-of-order call to one of the routines handling PNG files. An attacker could execute arbitrary code by enticing a user to open a crafted file with the vulnerable software.
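Added example for the E17-3dsz1 (CVE-2017-11779) entry above; this is editorial illustration, not code from the ATI release, the strike, or Microsoft. The page says only that "some fields" of the NSEC3 record are mishandled, so the parser below checks every variable-length field of NSEC3 RDATA (RFC 5155 section 3.2) against the octets actually present before slicing, which is the class of check a DNS response parser needs. The RDATA bytes are constructed for the example and do not reproduce the Windows bug.

```python
import struct


class Nsec3Error(ValueError):
    """Raised when NSEC3 RDATA is internally inconsistent."""


def parse_nsec3_rdata(rdata: bytes) -> dict:
    """Parse NSEC3 RDATA with every length octet validated before use.

    Layout (RFC 5155 3.2): hash algorithm (1), flags (1), iterations (2),
    salt length (1), salt, hash length (1), next hashed owner name,
    type bit maps (windows of: window number (1), bitmap length (1), bitmap).
    """
    n = len(rdata)
    if n < 5:
        raise Nsec3Error("RDATA shorter than the fixed 5-octet header")
    hash_alg, flags, iterations, salt_len = struct.unpack("!BBHB", rdata[:5])
    pos = 5
    # Each length octet is attacker-controlled; compare it with what remains
    # before copying, never the other way round.
    if pos + salt_len > n:
        raise Nsec3Error(f"salt length {salt_len} exceeds remaining {n - pos} octets")
    salt = rdata[pos:pos + salt_len]
    pos += salt_len
    if pos >= n:
        raise Nsec3Error("missing hash length octet")
    hash_len = rdata[pos]
    pos += 1
    if hash_len == 0 or pos + hash_len > n:
        raise Nsec3Error(f"hash length {hash_len} exceeds remaining {n - pos} octets")
    next_hashed = rdata[pos:pos + hash_len]
    pos += hash_len
    types = []
    while pos < n:
        if pos + 2 > n:
            raise Nsec3Error("truncated type bitmap window header")
        window, bm_len = rdata[pos], rdata[pos + 1]
        pos += 2
        if not 1 <= bm_len <= 32:
            raise Nsec3Error(f"bitmap length {bm_len} outside 1..32")
        if pos + bm_len > n:
            raise Nsec3Error("bitmap length exceeds remaining octets")
        bitmap = rdata[pos:pos + bm_len]
        pos += bm_len
        for i, octet in enumerate(bitmap):
            for bit in range(8):
                if octet & (0x80 >> bit):
                    types.append(window * 256 + i * 8 + bit)
    return {"hash_alg": hash_alg, "flags": flags, "iterations": iterations,
            "salt": salt, "next_hashed": next_hashed, "types": types}


def nsec3_rejected(rdata: bytes) -> bool:
    """True if the RDATA fails validation (what a resolver should do with it)."""
    try:
        parse_nsec3_rdata(rdata)
        return False
    except Nsec3Error:
        return True


# Constructed RDATA (not captured traffic): SHA-1, no flags, 10 iterations,
# 2-octet salt, 20-octet hash, bitmap window 0 covering A (1) and RRSIG (46).
GOOD_RDATA = (struct.pack("!BBHB", 1, 0, 10, 2) + b"\xab\xcd"
              + bytes([20]) + bytes(range(20))
              + bytes([0, 6]) + bytes([0x40, 0, 0, 0, 0, 0x02]))
# Same record with the salt length octet overwritten with 0xFF: a parser that
# trusts it would read 255 octets out of a 36-octet buffer.
BAD_RDATA = GOOD_RDATA[:4] + b"\xff" + GOOD_RDATA[5:]
```

Running `parse_nsec3_rdata(GOOD_RDATA)` yields types [1, 46]; `BAD_RDATA` and any truncated copy raise `Nsec3Error` instead of reading past the buffer.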
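Added example for the E16-qlne1 (Oracle GlassFish) entry above; it is not from the ATI release or from GlassFish. The check percent-decodes a request path, decodes it strictly as UTF-8 (which rejects 0xC0 as a lead byte, since it can only begin an overlong encoding of ASCII), and then models what a permissive decoder would make of sequences such as %C0%2F and %C0%AE so the hidden `..` segments become visible. The permissive-decoder model and the sample paths are constructed for the example; the traversal paths follow the description above and are not a tested exploit.

```python
from urllib.parse import unquote_to_bytes

# Constructed request paths for illustration (not from the original page).
SAMPLE_PATHS = {
    "benign":       "/theme/META-INF/prototype.js",
    "plain_dotdot": "/theme/..%2F..%2Fetc%2Fpasswd",
    "c0_2f_slash":  "/theme%C0%2F..%C0%2F..%C0%2F..%C0%2Fetc%C0%2Fpasswd",
    "c0_ae_dot":    "/theme/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd",
}


def lenient_decode(raw: bytes) -> str:
    """Model of a permissive UTF-8 decoder (an assumption, not any vendor's code).

    A correct decoder rejects 0xC0/0xC1 lead bytes outright.  A permissive one
    takes the low six bits of the following byte as the code point, so
    0xC0 0xAF and 0xC0 0x2F both become '/', and 0xC0 0xAE becomes '.'.
    A traversal check done on the raw percent-decoded string therefore
    misses what the file system will eventually see.
    """
    out = []
    i = 0
    while i < len(raw):
        b = raw[i]
        if b in (0xC0, 0xC1) and i + 1 < len(raw):
            out.append(chr(raw[i + 1] & 0x3F))
            i += 2
        elif b < 0x80:
            out.append(chr(b))
            i += 1
        else:
            out.append("\ufffd")           # other non-ASCII: not modelled here
            i += 1
    return "".join(out)


def classify_path(path: str) -> dict:
    """Percent-decode, decode strictly as UTF-8 and, if that fails, show what a
    permissive decoder would produce.  Flags '..' segments in either view."""
    raw = unquote_to_bytes(path)
    try:
        decoded = raw.decode("utf-8")
        invalid_utf8 = False
    except UnicodeDecodeError:
        decoded = lenient_decode(raw)
        invalid_utf8 = True
    segments = decoded.replace("\\", "/").split("/")
    traversal = ".." in segments
    return {
        "decoded": decoded,
        "invalid_utf8": invalid_utf8,
        "traversal": traversal,
        # Reject on either signal: bytes that are not valid UTF-8 have no
        # legitimate reason to reach a static-resource handler.
        "block": invalid_utf8 or traversal,
    }


if __name__ == "__main__":
    for name, path in SAMPLE_PATHS.items():
        print(f"{name:13s} {classify_path(path)}")
```

The point of the two-stage decode is that `/theme%C0%2F..%C0%2F...` contains no literal `..` segment until the bad bytes are interpreted; blocking on invalid UTF-8 alone, before any path comparison, is the simpler and more robust rule.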
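Added example for the E17-3fwb1 (CVE-2017-14491) entry above; it is editorial illustration, not dnsmasq's code or the strike itself. The name-expansion routine enforces the limits whose absence the description points at: pointers may only refer to earlier offsets, and the expanded name may not exceed 255 octets even when the compressed form on the wire is far shorter. The DNS response is constructed for the example; its 130-octet PTR RDATA points back into itself, so an unchecked expansion would grow without bound, which is the amplification the description relies on.

```python
import struct

MAX_NAME_OCTETS = 255    # RFC 1035 2.3.4: wire-format length limit for a name
MAX_LABEL_OCTETS = 63


class DnsNameError(ValueError):
    """Raised when a name cannot be expanded within the RFC 1035 limits."""


def expand_name(msg: bytes, offset: int) -> tuple:
    """Expand a possibly compressed name at msg[offset:].

    Returns (dotted_name, end), where end is the offset just past the name in
    the record being parsed (after the first compression pointer, if any).
    Pointers must point backwards, so pointer chains terminate; the 255-octet
    cap bounds label loops and stops a short wire name from expanding into a
    very long cached record.
    """
    labels, total, end, pos = [], 0, None, offset
    while True:
        if pos >= len(msg):
            raise DnsNameError("name runs past end of message")
        length = msg[pos]
        if length & 0xC0 == 0xC0:                        # compression pointer
            if pos + 1 >= len(msg):
                raise DnsNameError("truncated compression pointer")
            ptr = ((length & 0x3F) << 8) | msg[pos + 1]
            if end is None:
                end = pos + 2
            if ptr >= pos:
                raise DnsNameError("compression pointer does not point backwards")
            pos = ptr
            continue
        if length & 0xC0:
            raise DnsNameError("reserved label type")
        if length > MAX_LABEL_OCTETS:
            raise DnsNameError("label longer than 63 octets")
        total += length + 1
        if total > MAX_NAME_OCTETS:
            raise DnsNameError("expanded name exceeds 255 octets")
        if length == 0:                                  # root label ends the name
            if end is None:
                end = pos + 1
            break
        if pos + 1 + length > len(msg):
            raise DnsNameError("label runs past end of message")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return ".".join(labels) or ".", end


def encode_name(name: str) -> bytes:
    """Uncompressed wire encoding of a dotted name."""
    return b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in name.strip(".").split(".")) + b"\x00"


def parse_first_ptr_answer(msg: bytes) -> tuple:
    """Skip the question section and return (owner, target) of the first
    answer RR, which must be a PTR record whose RDATA is exactly one name."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    if ancount < 1:
        raise DnsNameError("no answer records")
    pos = 12
    for _ in range(qdcount):
        _, pos = expand_name(msg, pos)
        pos += 4                                         # QTYPE + QCLASS
    owner, pos = expand_name(msg, pos)
    if pos + 10 > len(msg):
        raise DnsNameError("truncated resource record header")
    rtype, _rclass, _ttl, rdlength = struct.unpack("!HHIH", msg[pos:pos + 10])
    pos += 10
    if rtype != 12:
        raise DnsNameError("first answer is not a PTR record")
    if pos + rdlength > len(msg):
        raise DnsNameError("RDLENGTH runs past end of message")
    target, end = expand_name(msg, pos)
    if end != pos + rdlength:
        raise DnsNameError("PTR RDATA is not exactly one name")
    return owner, target


def ptr_answer_rejected(msg: bytes) -> bool:
    try:
        parse_first_ptr_answer(msg)
        return False
    except DnsNameError:
        return True


# Constructed response, not captured traffic: one PTR question, one PTR answer.
HEADER = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
QUESTION = encode_name("4.3.2.1.in-addr.arpa") + struct.pack("!HH", 12, 1)
RDATA_OFFSET = len(HEADER) + len(QUESTION) + 12   # owner pointer (2) + fixed RR fields (10)


def _answer(rdata: bytes) -> bytes:
    return b"\xc0\x0c" + struct.pack("!HHIH", 12, 1, 3600, len(rdata)) + rdata


BENIGN = HEADER + QUESTION + _answer(encode_name("host.example.com"))
# 130 octets of RDATA: two 63-octet labels, then a pointer back to the start of
# the RDATA itself, so an unchecked expansion grows without bound.
AMPLIFIED = HEADER + QUESTION + _answer(
    b"\x3f" + b"a" * 63 + b"\x3f" + b"b" * 63 + struct.pack("!H", 0xC000 | RDATA_OFFSET))
```

`parse_first_ptr_answer(BENIGN)` returns ('4.3.2.1.in-addr.arpa', 'host.example.com'); `AMPLIFIED` is rejected on the second pass over its labels, when the expanded length crosses 255 octets, before anything is cached or copied.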
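Added example for the E17-0hha1 (CVE-2017-8046) entry above; it is not Spring's fix and not code from the ATI release. It is a pre-validator that rejects a JSON Patch body unless every "path" and "from" member is an RFC 6901 JSON Pointer, so expression-like strings never reach the component that applies the patch. The sample bodies are constructed for the example; the rejected one is simply a non-pointer string, not a working payload against any Spring version.

```python
import json
import re

# RFC 6901 JSON Pointer: "" or a sequence of "/token" where "~" appears only
# as the escapes "~0" (for "~") and "~1" (for "/").
_JSON_POINTER = re.compile(r"^(?:/(?:[^/~]|~[01])*)*$")
_OPS = {"add", "remove", "replace", "move", "copy", "test"}


def is_json_pointer(value) -> bool:
    return isinstance(value, str) and _JSON_POINTER.match(value) is not None


def json_patch_problems(body: str) -> list:
    """Return the reasons a JSON Patch body should be rejected before any op is
    applied; an empty list means it is structurally acceptable.  The key rule
    is that 'path' and 'from' are JSON Pointers and nothing else: an
    expression, a method call or a template is rejected on shape alone."""
    try:
        ops = json.loads(body)
    except ValueError as exc:
        return [f"body is not JSON: {exc}"]
    if not isinstance(ops, list):
        return ["patch document must be a JSON array of operations"]
    problems = []
    for i, op in enumerate(ops):
        if not isinstance(op, dict):
            problems.append(f"op {i}: not an object")
            continue
        kind = op.get("op")
        if kind not in _OPS:
            problems.append(f"op {i}: unknown op {kind!r}")
        if "path" not in op:
            problems.append(f"op {i}: missing 'path'")
        for key in ("path", "from"):
            if key in op and not is_json_pointer(op[key]):
                problems.append(f"op {i}: {key!r} is not an RFC 6901 JSON Pointer: {op[key]!r}")
        if kind in ("move", "copy") and "from" not in op:
            problems.append(f"op {i}: {kind} requires 'from'")
        if kind in ("add", "replace", "test") and "value" not in op:
            problems.append(f"op {i}: {kind} requires 'value'")
    return problems


# Constructed request bodies (not from the original page or any published PoC).
VALID_PATCH = json.dumps([
    {"op": "replace", "path": "/firstName", "value": "Ada"},
    {"op": "add", "path": "/tags/-", "value": "vip"},
    {"op": "test", "path": "/a~1b", "value": 1},       # "~1" escapes a "/" in a key
])
# A 'path' that is not a pointer at all: rejected whatever it would evaluate to.
SUSPICIOUS_PATCH = json.dumps([
    {"op": "replace", "path": "firstName.concat('x')/lastName", "value": "y"},
])

if __name__ == "__main__":
    print("valid:", json_patch_problems(VALID_PATCH))
    print("suspicious:", json_patch_problems(SUSPICIOUS_PATCH))
```

Validating the pointer grammar up front is deliberately stricter than checking for particular dangerous substrings: a denylist has to anticipate every expression syntax, while "must start with / and use only ~0 and ~1 escapes" admits exactly the inputs a PATCH handler is supposed to receive.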