Ixia ATI Update 2018-01 (322753)

Defects Resolved

Ticket Info
DE9058 (1466259) Evergreen Facebook Jan 14, Evergreen Yahoogroups Jan 14, Evergreen Aolmail Jan 14, Evergreen Aolmail Jan 14 Send Message, Evergreen Aolmail Jan 14 Send Message Attachment, Evergreen Aolmail Jan14 View Message, Evergreen Aolmail Jan 14 View Message with attachment, Evergreen Aolchat Jan14, Evergreen Aolchat Jan14 Send Message and Evergreen Aolchat Jan14 Receive Message have been modified to expose the DNS actions for all the hosts.

Enhancements

Ticket Info
US80445 Deprecated old application protocol "Office 365 Outlook Sep17" because new application protocol "Office 365 Outlook Jan18" was implemented.

New Protocols & Applications (2)

Name Category Info
Discord Dec17 Chat/IM The use of the Discord website as of December 2017. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Office 365 Outlook Tasks Jan18 Email/WebMail The use of the Office365 Outlook Task website as of January 2018. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Super Flows (6)

Name Category Info
DNS over TLS Testing and Measurement Transmits a DNS query and response over TLS using the 'Opportunistic Privacy Profile' described in RFC 7858. By default, a DNS server that supports DNS over TLS MUST listen for and accept TCP connections on port 853. To amortize TCP and TLS connection setup costs, clients and servers SHOULD NOT immediately close a connection after each response; instead, they SHOULD reuse existing connections for subsequent queries as long as they have sufficient resources. In this example, there is a delay of 2 seconds before closing to simulate this documented behavior.
DNS over TLS - OneArm Testing and Measurement Transmits a DNS query over TLS using the 'Opportunistic Privacy Profile' described in RFC 7858 to a real DNS server. The simulation then sends an HTTP request to the IP address returned in the DNS response. Note that by default, a DNS server that supports DNS over TLS MUST listen for and accept TCP connections on port 853. To amortize TCP and TLS connection setup costs, clients and servers SHOULD NOT immediately close a connection after each response; instead, they SHOULD reuse existing connections for subsequent queries as long as they have sufficient resources. In this example, there is a delay of 2 seconds before closing to simulate this documented behavior.
Discord Dec 17 Chat/IM The use of the Discord website as of December 2017. All of the available actions for this flow are exercised. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Discord Dec 17 Chat Chat/IM The use of the Discord website as of December 2017. User sends a message to a friend. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Office 365 Outlook Tasks Jan 18 Email/WebMail The use of the Office365 Outlook Task website as of January 2018. All of the available actions for this flow are exercised. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Office 365 Outlook Tasks Jan 18 Create and Delete a Task Email/WebMail The use of the Office365 Outlook Task website as of January 2018. The user signs in to Office365 Tasks, creates a new task, views the list of active tasks and deletes the newly created task. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
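The wire exchange the two DNS over TLS super flows above describe, as an added example in Python (not BreakingPoint code and not the flow definitions): it builds a DNS query, adds the two-byte length prefix that RFC 7858 inherits from DNS over TCP, parses A records out of a response, and includes a network helper that talks to a resolver on port 853 in the opportunistic privacy profile. The resolver address, the queried name example.com and SAMPLE_RESPONSE are assumptions constructed for the example, not captured traffic.

```python
"""Minimal DNS over TLS client pieces (added example, not Ixia/BreakingPoint code).
RFC 7858 reuses the DNS over TCP framing of RFC 1035 section 4.2.2: each message
carries a two-byte big-endian length prefix. The transport differences are TLS
and the default server port, 853."""
import os
import socket
import ssl
import struct

DOT_PORT = 853  # RFC 7858 section 3.1
QTYPE_A = 1
QCLASS_IN = 1

def encode_name(name):
    """'example.com' -> b'\\x07example\\x03com\\x00' (uncompressed labels)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"

def build_query(name, qtype=QTYPE_A, txid=None):
    """Standard query, RD bit set, one question; random transaction id by default."""
    if txid is None:
        txid = int.from_bytes(os.urandom(2), "big")
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)

def frame(msg):
    """Prepend the two-byte length used on the TCP and TLS transports."""
    return struct.pack("!H", len(msg)) + msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length

def parse_a_records(msg):
    """Return (transaction id, IPv4 addresses from A records in the answer section)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0x000F))
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    ips = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlen == 4:
            ips.append(".".join(str(b) for b in rdata))
    return txid, ips

def resolve_over_tls(name, server, port=DOT_PORT):
    """Opportunistic privacy profile: TLS is required but the server certificate
    is not authenticated, so this resists passive observation only (RFC 7858
    section 4.1). Needs network access; not exercised by the offline sample."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    query = build_query(name)
    with socket.create_connection((server, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=server) as tls:
            tls.sendall(frame(query))
            stream = tls.makefile("rb")
            (length,) = struct.unpack("!H", stream.read(2))
            response = stream.read(length)
    # A production client keeps the connection open for follow-up queries
    # (RFC 7858 section 3.4); this helper closes it after one exchange.
    txid, ips = parse_a_records(response)
    if txid != struct.unpack("!H", query[:2])[0]:
        raise ValueError("transaction id mismatch")
    return ips

# Constructed response, not captured from a real resolver: answers the query for
# example.com with one A record for 192.0.2.1 (RFC 5737 TEST-NET-1).
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("example.com") + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    + b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 300, 4)
    + bytes([192, 0, 2, 1])
)
```

resolve_over_tls("example.com", "<resolver IP>") performs the live query; the addresses it returns are what the OneArm flow's follow-up HTTP request would target. parse_a_records(SAMPLE_RESPONSE) exercises the parser offline.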

New Application Profiles (1)

Name Info
HSTS Enabled Applications This profile is a mix of applications that use HTTP Strict Transport Security (HSTS).

New Strikes (13)

CVSS ID References Category Info
9.3 E17-3dvu1 BID-101757
CVE-2017-11882
CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C)
URL
Exploits This strike exploits a buffer overflow vulnerability in the EQNEDT (Equation Editor) component of Microsoft Office. The vulnerability is due to insufficient validation of the font name field length in an OLE object. An attacker could execute arbitrary code by enticing a user to open a maliciously crafted document with the vulnerable software.
9.0 E17-3egs1 CVE-2017-12636
CVSS-9.0 (AV:N/AC:L/AU:S/C:C/I:C/A:C)
URL
Exploits This strike exploits a remote code execution vulnerability in Apache CouchDB. CouchDB administrative users can configure the database server via HTTP. Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. Successful exploitation will allow a CouchDB admin user to execute arbitrary shell commands as the CouchDB user.
7.6 E17-0bdp2 BID-96685
CVE-2017-0141
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
URL
Exploits This strike exploits a vulnerability in the Microsoft Edge browser, specifically in the Chakra JavaScript engine. JavaScript can be crafted so that a heap overflow occurs during a call to the ArrayReverse helper function. This may cause a denial of service condition in the browser or potentially lead to remote code execution.
7.6 E17-0bdi1 BID-96687
CVE-2017-0134
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
URL
Exploits This strike exploits a vulnerability in the Microsoft Edge browser, specifically in the Chakra JavaScript engine. JavaScript can be crafted so that an array of type JavascriptNativeIntArray is converted to type JavascriptArray (a type confusion). This can lead to disclosure of information such as memory addresses and the contents of attacker-controlled fake objects.
7.5 E17-lo5y1 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits file upload vulnerabilities in PrestaShop CMS add-ons targeted by the recently published XAttacker tool. The root cause is a lack of sanitization of user-supplied files by the components that handle file upload requests. By exploiting these vulnerabilities, an unauthenticated attacker can run arbitrary code by uploading files to the server and then executing them.
7.5 E17-0dcn1 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
EXPLOITDB-17303
EXPLOITDB-17734
URL
Exploits This strike exploits file upload vulnerabilities present in Joomla plugins and simulates the scanning requests used by the recently published XAttacker tool. The root cause is a lack of sanitization of user-supplied files by the components that handle file upload requests. By exploiting these vulnerabilities, an unauthenticated attacker can obtain sensitive information usable in other attacks, deface the target website, or run arbitrary code by uploading files to the server and then executing them.
6.9 E17-3i9n1 CVE-2017-17562
CVSS-6.9 (AV:L/AC:M/AU:N/C:C/I:C/A:C)
URL
Exploits This strike exploits a remote code execution vulnerability in the EmbedThis GoAhead web server. The vulnerability is due to insufficient validation of CGI variables: query-string parameters are passed to the CGI program as environment variables. To exploit it, an attacker sends an HTTP CGI request that sets LD_PRELOAD=/proc/self/fd/0 in the query string and carries, as the POST data, a malicious shared library built for the architecture of the device; the dynamic loader then maps the POST body, which is the CGI process's stdin, into the CGI process.
6.8 E17-3cna1 BID-101870
CVE-2017-10278
CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a code execution vulnerability in Oracle Tuxedo Jolt Server. The vulnerability is due to a heap buffer overflow in the Jolt service. An attacker could send a crafted Jolt message to the target server and achieve remote code execution.
6.4 E17-3e711 BID-101527
CVE-2017-12285
CVSS-6.4 (AV:N/AC:L/AU:N/C:N/I:P/A:P)
URL
ZDI-17-918
Exploits This strike exploits a directory traversal vulnerability in Cisco Prime Network Analysis Module. The sfile parameter of HTTP requests to /capture/graph.php is intended to read and delete a specified graph file, but it is not sanitized for directory traversal characters. An attacker can send specially crafted HTTP requests to delete arbitrary files.
5.0 E17-3dlj1 BID-101788
CVE-2017-11511
CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N)
URL
Exploits This strike exploits a directory traversal vulnerability in ManageEngine ServiceDesk. HTTP GET requests to /fosagent/repl/download-file are intended to download files from a specific directory; however, the filepath parameter is not sanitized for directory traversal characters. An attacker can send an HTTP GET request with a specially crafted filepath parameter to download arbitrary files from the target system.
5.0 E17-0wyx1 CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N)
EXPLOITDB-42729
URL
Exploits This strike exploits an information disclosure vulnerability in D-Link DIR-8xx wired/wireless routers. This vulnerability is due to improper handling of key-value pairs sent through HTTP POST requests. By exploiting this vulnerability, a remote, authenticated attacker can obtain sensitive data, including router credentials.
4.7 E17-0fei1 BID-102378
CVE-2017-5754
CVSS-4.7 (AV:L/AC:M/AU:N/C:C/I:N/A:N)
URL
Exploits This strike exploits a flaw present in most modern CPUs with Intel microarchitectures. The by-design out-of-order execution in these CPUs lets the contents of memory be leaked through a cache side channel. This bug, known as Meltdown, allows memory mapped into kernel space to be read by an unprivileged process. This strike sends 2 binaries, tested on Ubuntu and Debian based Linux systems with kernel versions 4.4.0-101-generic and 4.13.0-kali1-amd64. The first binary (secret) outputs the physical address of a hardcoded secret string. The second binary (phys_reader) is run with that address as its first argument; the second argument is either the offset of the kernel's direct physical memory map (needed if KASLR is not disabled) or left blank. To reproduce, run ./secret and, while it is still running, run ./physical_reader arg1 arg2 in another console. physical_reader can also be run with just one argument to start dumping memory. Once run, physical memory at that address is dumped to the screen.
4.7 E17-0fpl1 BID-102371
CVE-2017-5753
CVSS-4.7 (AV:L/AC:M/AU:N/C:C/I:N/A:N)
URL
Exploits This strike exploits a vulnerability in modern Intel CPUs by leveraging a side-channel attack through the JavaScript engine within a browser. The vulnerability, known as Spectre (variant 1, bounds check bypass), is due to cache state left behind by speculatively executed instructions not being reverted when the speculation is discarded. By exploiting it, an attacker can obtain sensitive data, such as stored passwords or session IDs, from the browser's process memory.
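The mechanism behind the GoAhead strike (CVE-2017-17562) above, as an added example in Python: the flawed pattern of copying every query-string parameter into the CGI child's environment, beside a hardened form. This is not GoAhead's source or its fix; BASE_ENV, the CGI_PARAM_ prefix and ATTACK_QS are assumptions constructed for the example.

```python
"""CGI environment construction: the flaw described in the GoAhead strike beside
a hardened form (added example; not GoAhead's source or its fix). Per the strike
description, each query-string parameter became an environment variable of the
CGI child, so LD_PRELOAD=/proc/self/fd/0 made the dynamic loader map the POST
body, still open on the child's stdin, as a shared library whose constructors
run before the CGI program's main()."""
import re
from urllib.parse import parse_qsl

# Minimal base environment, assumed for illustration (RFC 3875 metavariable names).
BASE_ENV = {"GATEWAY_INTERFACE": "CGI/1.1", "SERVER_PROTOCOL": "HTTP/1.1"}
SAFE_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

def cgi_env_vulnerable(query_string):
    """Copies every parameter straight into the environment: the bug. A request
    can set loader variables (LD_*) or overwrite server-set ones."""
    env = dict(BASE_ENV, QUERY_STRING=query_string)
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        env[name] = value
    return env

def cgi_env_hardened(query_string):
    """Parameters reach the script through QUERY_STRING; any per-parameter
    variable is namespaced so it can never spell a loader or interpreter
    variable (LD_*, PATH, IFS, ...) or overwrite a server-set one."""
    env = dict(BASE_ENV, QUERY_STRING=query_string)
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        if not SAFE_NAME.match(name):
            continue  # drop names with characters no legitimate parameter needs
        env["CGI_PARAM_" + name.upper()] = value
    return env

def loader_vars(env):
    """Names the dynamic loader honours; a non-empty list means the request won."""
    return sorted(k for k in env if k.startswith("LD_"))

# Constructed request mirroring the strike's query string. The POST body that
# would carry the shared library is not needed to show the environment effect.
ATTACK_QS = "LD_PRELOAD=/proc/self/fd/0&page=index"
```

The namespacing matters more than a denylist: a list of forbidden names has to track every loader and interpreter variable on every platform, whereas a fixed prefix makes a collision impossible by construction.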
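A path-confinement check covering both directory traversal strikes above (the sfile parameter of /capture/graph.php in Cisco Prime NAM and the filepath parameter of /fosagent/repl/download-file in ManageEngine ServiceDesk), as an added example in Python. It is not Ixia code and not either vendor's patch; the base directories and the sample request parameters are assumptions constructed for the example.

```python
"""Path confinement for the sfile / filepath cases above (added example; not
Ixia code and not either vendor's patch). Both strikes share one defect: a name
taken from an HTTP parameter is joined onto a fixed directory without a check
that the result still lies inside it."""
import posixpath
from urllib.parse import unquote

# Base directories are assumptions for illustration; the products' real paths
# are not given on this page.
BASE_FOR_ENDPOINT = {
    "/capture/graph.php": "/var/nam/graphs",                  # sfile parameter
    "/fosagent/repl/download-file": "/opt/servicedesk/repl",  # filepath parameter
}

def safe_join(base, user_path):
    """Return the normalized path of user_path under base, or raise ValueError.

    Decoding runs twice so double-encoded separators (%252e%252e%252f) are
    unmasked before normalization; backslashes are treated as separators because
    a server that accepts them is exactly what a traversal payload relies on."""
    decoded = unquote(unquote(user_path)).replace("\\", "/")
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    if decoded.startswith("/"):
        raise ValueError("absolute path rejected")
    base_norm = posixpath.normpath(base)
    candidate = posixpath.normpath(posixpath.join(base_norm, decoded))
    if candidate != base_norm and not candidate.startswith(base_norm + "/"):
        raise ValueError("path escapes %s: %r" % (base, user_path))
    # In a real handler, follow this with os.path.realpath() on the opened file
    # and repeat the prefix check, so a symlink inside base cannot escape either.
    return candidate

def decide(endpoint, value):
    """('allow', resolved_path) or ('block', reason) for one request parameter."""
    try:
        return ("allow", safe_join(BASE_FOR_ENDPOINT[endpoint], value))
    except ValueError as exc:
        return ("block", str(exc))

# Constructed request parameters (not captured traffic). The first and last are
# legitimate; the rest are the traversal shapes the two strikes describe.
SAMPLE_REQUESTS = [
    ("/capture/graph.php", "graph_1234.png"),
    ("/capture/graph.php", "../../../../etc/passwd"),
    ("/fosagent/repl/download-file", "backup%2F..%2F..%2F..%2Fetc%2Fshadow"),
    ("/fosagent/repl/download-file", "..%252f..%252fwindows/win.ini"),
    ("/fosagent/repl/download-file", "reports\\..\\..\\secret.txt"),
    ("/fosagent/repl/download-file", "reports/../archive/2018-01.zip"),
]

def run_samples():
    """Evaluate every constructed request; returns a list of (verdict, detail)."""
    return [decide(endpoint, value) for endpoint, value in SAMPLE_REQUESTS]
```

The check normalizes first and compares afterwards, so a name like reports/../archive/x.zip that stays inside the base is still served; stripping "../" substrings instead would both break such names and miss the encoded and backslash variants.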