Ixia ATI Update 2018-02 (323387)

Enhancements

Ticket Info
US80689 The maximum length of the URI parameter in HTTP GET requests was increased from 6000 to 16000.

New Super Flows (2)

Name Category Info
NTP Retries Testing and Measurement Simulates the synchronization of clocks with remote servers on the network via the Network Time Protocol [RFC 5905], with retries from the NTP client in case of synchronization failure.
SNMPv2c Retries Testing and Measurement Simulates the retries performed by an SNMP client in case of application failure.

New Strikes (12)

CVSS ID References Category Info
10.0 E15-zzre1 BID-76865, CVE-2015-5082, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), EXPLOITDB-38096 Exploits This strike exploits an input validation error in Endian Firewall. The vulnerability can be exploited by sending a crafted HTTP request to the target. Successful exploitation results in arbitrary command execution in the security context of the Apache httpd server.
10.0 E18-0jvv1 CVE-2018-1163, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), URL Exploits This strike exploits an authentication bypass vulnerability in Quest NetVault Backup. The vulnerability is due to insufficient validation of the checksession parameter in multipart HTTP requests. Successful exploitation allows an attacker to bypass the authentication mechanism.
10.0 E17-3eem2 BID-101152, CVE-2017-12558, CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C), URL, ZDI-17-833 Exploits This strike exploits a remote code execution vulnerability in Hewlett Packard Enterprise (HPE) Intelligent Management Center. The vulnerability is due to insecure deserialization of user input data sent through HTTP. A remote, unauthenticated attacker can run arbitrary commands on the targeted system by sending a crafted HTTP request to the target server.
9.3 E17-0hzx1 BID-101161, CVE-2017-8717, CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C), URL, ZDI-17-840 Exploits This strike exploits a buffer overflow vulnerability in the JET Database Engine component of Microsoft Office. The vulnerability is due to insufficient validation of the "cch" field of some BIFF substreams. An attacker could execute arbitrary code by enticing a user to open a maliciously crafted document.
7.8 E18-3dlk2 BID-101789, CVE-2017-11512, CVSS-7.8 (AV:N/AC:L/AU:N/C:C/I:N/A:N), URL Exploits This strike exploits an absolute path traversal vulnerability in the DownloadSnapshotServlet module of the ManageEngine ServiceDesk application. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation results in the disclosure of arbitrary file contents from the target server.
7.6 E17-3dvl3 BID-101728, CVE-2017-11873, CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C), EXPLOITDB-43154, GOOGLE-1357 Exploits This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Chakra JavaScript engine. JavaScript can be crafted in such a way that a type confusion occurs when OP_memset is called to change the type of a float array. This may cause a denial of service condition in the browser, or potentially lead to remote code execution.
7.6 E17-3duo1 BID-101734, CVE-2017-11840, CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C), EXPLOITDB-43183, GOOGLE-1365 Exploits This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Chakra JavaScript engine. JavaScript can be crafted in such a way that a type confusion occurs when the value of an object property is set and its internal type is then changed during optimization. This may cause a denial of service condition in the browser, or potentially lead to remote code execution.
7.5 E16-09qz1 BID-95981, CVE-2016-8027, CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) Exploits An SQL injection vulnerability exists in McAfee ePolicy Orchestrator. The vulnerability is due to insufficient input validation. Successful exploitation of this vulnerability can result in disclosure of database information, without authentication, via a specially crafted HTTP POST request.
7.5 E17-0i7m1 BID-100588, CVE-2017-8994, CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), URL, ZDI-17-715 Exploits This strike exploits a remote code execution vulnerability in Hewlett Packard Operations Orchestration. The vulnerability is due to insecure deserialization of user input data sent through HTTP. A remote, unauthenticated attacker can run arbitrary commands on the targeted system under the context of the user running the web application.
6.9 E17-3hzz1 BID-102344, CVE-2017-17215, CVSS-6.9 (AV:L/AC:M/AU:N/C:C/I:C/A:C), URL Exploits This strike exploits a remote command execution vulnerability in the Huawei HG532 router. The vulnerability is due to insufficient validation of the NewDownloadURL and NewStatusURL parameters in SOAP XML requests. This exploit has been used by Okiru/Satori, a variant of Mirai.
5.0 E17-3cn31 BID-101304, CVE-2017-10271, CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P), URL Exploits An insecure deserialization vulnerability exists in Oracle WebLogic Server due to insufficient validation of serialized XML data. The vulnerability can be exploited by sending a specially crafted serialized object. Successful exploitation can result in arbitrary code execution in the context of the user running WebLogic.
5.0 E17-6v3a1 CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N), URL Exploits This strike emulates a TLS handshake using an RSA Encrypted PreMaster Secret, which may be vulnerable to the Return Of Bleichenbacher's Oracle Threat (ROBOT) decryption attack. A server that treats improperly padded or otherwise invalid RSA Encrypted PreMaster Secrets differently from valid ones (different alerts, error timing or connection behaviour) acts as a padding oracle: each probe tells the attacker whether a chosen ciphertext decrypts to a PKCS#1 v1.5 conforming message. The private key itself is not leaked, but repeated oracle queries let the attacker perform private-key operations without it, so successful exploitation may result in decryption of recorded sessions that used RSA key exchange, or in signing messages with the server's private key. This strike only emulates a vulnerable handshake and does not emulate an attack. Static RSA key exchange (the TLS_RSA cipher suites) is still permitted in TLS 1.1 and 1.2 but has been removed from TLS 1.3; the researchers who discovered the vulnerability recommend disabling TLS_RSA cipher suites.