Ixia ATI Update 2019-09 (359533)

Defects Resolved

Ticket Info
DE10421 (BUG1510289) Fixed syntax errors in HTTP header (200OK -> 20 0OK) for Amazon Video super flow.
DE10435 Fixed the "Accept-Language" header for the following strikes: cve_2015_1622, cve_2015_2391, cve_2015_240, cve_2015_2425, cve_2015_2446, cve_2015_2448, cve_2015_2499, cve_2015_6053, cve_2015_6065, cve_2015_6075, cve_2016_0034, E15-0oz01.
DE10438 (BUG1511489) Set the evasion variant limit to 5,000.
DE10445 (BUG1510992) The strike for cve_2018_7183 sent the malicious server response in the wrong direction (from the client to the server instead of from the server to the client). This has been corrected.

Enhancements

Ticket Info
US74563 Support for the following cipher suites within BPS Evasion Profiles has been added:
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-SHA
- ECDHE-ECDSA-AES256-SHA
- ECDHE-ECDSA-AES128-SHA256
- ECDHE-ECDSA-AES256-SHA384
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES128-SHA
- ECDHE-RSA-AES256-SHA
- ECDHE-RSA-AES128-SHA256
- ECDHE-RSA-AES256-SHA384
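The twelve suite names above are OpenSSL-style names, and when building an evasion profile it helps to know what each one implies for the device under test: all are ECDHE (forward secret), four are AEAD (GCM) suites, four are legacy CBC suites with HMAC-SHA1 that can be negotiated down to TLS 1.0, and the rest are TLS 1.2-only CBC suites. The following is an added example, not Ixia or BreakingPoint code, that parses the names into their components, derives the IANA (RFC/Wireshark) name, and summarizes those properties; the `openssl_supports` helper only checks whether the local OpenSSL build accepts a given name.

```python
"""Classify the cipher suites added to BPS Evasion Profiles in US74563.

Added example; this is not Ixia/BreakingPoint code. It parses OpenSSL-style
suite names into their components and reports the properties an evasion test
cares about: forward secrecy, AEAD vs. CBC+HMAC, and the minimum TLS version
that can negotiate the suite. Suite names are copied from the list above.
"""
import ssl
from dataclasses import dataclass

# The twelve suite names from the list above (OpenSSL naming).
BPS_EVASION_SUITES = [
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-AES128-SHA",
    "ECDHE-ECDSA-AES256-SHA",
    "ECDHE-ECDSA-AES128-SHA256",
    "ECDHE-ECDSA-AES256-SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-SHA",
    "ECDHE-RSA-AES256-SHA",
    "ECDHE-RSA-AES128-SHA256",
    "ECDHE-RSA-AES256-SHA384",
]


@dataclass(frozen=True)
class SuiteInfo:
    name: str        # OpenSSL name as given
    kex: str         # key exchange (ECDHE for every suite in the list)
    auth: str        # authentication: ECDSA or RSA
    key_bits: int    # AES key size
    mode: str        # "GCM" (AEAD) or "CBC" (HMAC)
    mac: str         # HMAC hash for CBC suites, PRF hash for GCM suites
    iana_name: str   # TLS_..._WITH_... form used by the RFCs and Wireshark

    @property
    def forward_secrecy(self) -> bool:
        return self.kex.startswith("ECDHE") or self.kex.startswith("DHE")

    @property
    def aead(self) -> bool:
        return self.mode == "GCM"

    @property
    def min_tls_version(self) -> str:
        # GCM and HMAC-SHA256/384 suites exist only from TLS 1.2 onwards
        # (RFC 5288 / RFC 5289); the HMAC-SHA1 CBC suites go back to TLS 1.0.
        return "1.0" if (self.mode == "CBC" and self.mac == "SHA1") else "1.2"


def parse_suite(name: str) -> SuiteInfo:
    """Split an OpenSSL ECDHE AES suite name such as ECDHE-RSA-AES128-GCM-SHA256."""
    parts = name.split("-")
    if len(parts) < 4 or not parts[2].startswith("AES"):
        raise ValueError(f"unsupported suite name: {name}")
    kex, auth = parts[0], parts[1]
    key_bits = int(parts[2][3:])
    if parts[3] == "GCM":
        mode, mac = "GCM", parts[4]
    else:
        mode, mac = "CBC", parts[3]
    mac = "SHA1" if mac == "SHA" else mac
    iana_hash = "SHA" if mac == "SHA1" else mac
    iana = f"TLS_{kex}_{auth}_WITH_AES_{key_bits}_{mode}_{iana_hash}"
    return SuiteInfo(name, kex, auth, key_bits, mode, mac, iana)


def summarize(names) -> dict:
    """Count the properties across a suite list."""
    infos = [parse_suite(n) for n in names]
    return {
        "total": len(infos),
        "forward_secrecy": sum(i.forward_secrecy for i in infos),
        "aead": sum(i.aead for i in infos),
        "sha1_cbc": sum(i.mode == "CBC" and i.mac == "SHA1" for i in infos),
        "tls12_only": sum(i.min_tls_version == "1.2" for i in infos),
    }


def openssl_supports(name: str) -> bool:
    """True if the local OpenSSL build can negotiate this suite name."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(name)
        return True
    except ssl.SSLError:
        return False


if __name__ == "__main__":
    for n in BPS_EVASION_SUITES:
        s = parse_suite(n)
        print(f"{n:32} {s.iana_name:44} PFS={s.forward_secrecy} "
              f"AEAD={s.aead} TLS>={s.min_tls_version}")
    print(summarize(BPS_EVASION_SUITES))
```

The SHA1 CBC suites are the ones worth watching in an inspection device: they are the only entries a TLS 1.0/1.1 client can negotiate, so a profile that selects them exercises a different code path on the device than the GCM suites do.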

New Strikes (10)

CVSS ID References Category Info
10.0 E19-0tbo2 BID-107543
CVE-2019-3396
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
URL
Exploits This strike exploits a file inclusion and remote command execution vulnerability in Atlassian Confluence Server. The vulnerability is due to improper sanitization of the "_template" parameter. By successfully exploiting it, a remote, unauthenticated attacker can read arbitrary files from the target server (file inclusion) or, through server-side template injection (SSTI), supply a malicious template and have it executed, achieving remote command execution.
9.3 E19-0bds1 CVE-2017-0144
CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C)
MS17-010
URL
Exploits This strike recreates a buffer overflow attack against the Microsoft Windows SMBv1 service. The vulnerability is due to insufficient validation of user-supplied input while processing SMB_COM_NT_TRANSACT requests. A remote, unauthenticated attacker can exploit it with a specially crafted SMB packet containing a bad 'SizeOfListInBytes' value for the specified SMB packet type. Successful exploitation leads to arbitrary code execution on the target system. * NOTE: This vulnerability was targeted by the Shadow Brokers' EternalBlue exploit.
7.6 E19-0pfn2 BID-104978
CVE-2018-8355
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
EXPLOITDB-45432
GOOGLE-1588
Exploits This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Chakra JavaScript engine. It is possible to craft JavaScript that causes a type confusion when the JavaScript localeCompare method is used. This may lead to a denial of service condition in the browser or potentially to remote code execution.
7.5 E19-0vlf1 CVE-2019-6339
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
ZDI-19-130
Exploits A remote code execution vulnerability exists in Drupal 7.x before 7.62, Drupal 8.5.x before 8.5.9 and Drupal 8.6.x before 8.6.6. The vulnerability lies in PHP's built-in phar stream wrapper, which performs file operations on untrusted 'phar://' URIs. A remote attacker can exploit it by sending a crafted HTTP request to the target service. Successful exploitation could lead to arbitrary code execution or a crash of the vulnerable application.
7.5 E19-0st11 BID-108074
CVE-2019-2725
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
EXPLOITDB-46780
URL
Exploits This strike simulates a remote code execution attack on Oracle WebLogic Server. The flaw is due to the server accepting SOAP calls without authentication and deserializing the client-supplied content without sanitization. By exploiting a vulnerable system, a remote, unauthenticated attacker is able to execute arbitrary commands on the target system.
7.5 E19-5o5g1 BID-106781
CVE-2018-18500
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits This strike simulates the traffic caused by exploiting a use-after-free vulnerability in the Mozilla Firefox browser. Specifically, the vulnerability exists in Firefox's HTML5 stream parser when it is used together with custom HTML elements ('Custom Elements'): the stream parser object is freed while still in use, leading to a crash. An attacker can exploit this vulnerability by serving a malicious web page to the targeted browser.
7.5 D19-7nkw1 BID-107907
CVE-2019-11072
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Denial This strike exploits an integer overflow vulnerability in Lighttpd. The vulnerability is due to mishandling of the URL path '/%2F?' in burl.c when processing an HTTP GET request. A remote, unauthenticated attacker can exploit it by sending a crafted HTTP request to the target server. Successful exploitation results in a denial of service on the target server. *Note: The exploit works only when the target server's configuration has the "url-path-2f-decode" option of server.http-parseopts set to "enable".
6.8 E19-0mbf2 CVE-2018-4315
CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P)
GOOGLE-1604
Exploits This strike exploits a vulnerability in Apple Safari WebKit. Specifically, it is possible to craft JavaScript that triggers a use-after-free when the updateReferencedText method is called. This may lead to a denial of service condition in the browser or potentially to remote code execution.
5.5 E19-0sq21 CVE-2019-2618
CVSS-5.5 (AV:N/AC:L/AU:S/C:P/I:P/A:N)
URL
Exploits This strike simulates an arbitrary file upload attack on Oracle WebLogic Server. The vulnerability is a result of missing sanitization of the 'wl_upload_application_name' header. Successful exploitation requires valid credentials and leads to arbitrary file upload and remote code execution.
5.0 D19-7nzg1 CVE-2019-11596
CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)
URL
Denial This strike exploits a null pointer dereference vulnerability in the Memcached daemon. The vulnerability is due to inadequate handling of client 'lru' command requests. By sending a specially crafted memcached request, an attacker can cause a denial-of-service condition in the context of the targeted application.
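The Lighttpd strike D19-7nkw1 (CVE-2019-11072) above has a configuration precondition: it only fires when "url-path-2f-decode" is enabled in server.http-parseopts, an option lighttpd leaves disabled by default, and the bug itself was fixed in lighttpd 1.4.54. The following is an added example, not lighttpd or Ixia code, that scans lighttpd.conf text for that option so a target can be checked before (or instead of) running the strike; the three sample configurations are constructed for the example and show the exposed setting beside the corrected one.

```python
"""Audit a lighttpd configuration for the CVE-2019-11072 (D19-7nkw1) precondition.

Added example; this is not lighttpd or Ixia code. The strike only triggers
when "url-path-2f-decode" is enabled in server.http-parseopts, so this scans
lighttpd.conf text, extracts that option block, and reports whether the
server is exposed. The sample configurations below are constructed.
"""
import re

# Constructed: the exposed setting described in the strike note.
WEAK_CONF = '''
server.document-root = "/var/www/html"
server.port = 80
server.http-parseopts = (
    "url-normalize"          => "enable",
    "url-path-2f-decode"     => "enable",   # decodes %2F to a slash before routing
    "url-path-dotseg-remove" => "enable"
)
'''

# Constructed: the same server with the decode step turned off.
HARDENED_CONF = '''
server.document-root = "/var/www/html"
server.port = 80
server.http-parseopts = (
    "url-normalize"          => "enable",
    "url-path-2f-decode"     => "disable",
    "url-path-dotseg-remove" => "enable"
)
'''

# Constructed: no server.http-parseopts at all; lighttpd's default for
# "url-path-2f-decode" is "disable", so this is not exposed either.
DEFAULT_CONF = '''
server.document-root = "/var/www/html"
server.port = 80
'''


def strip_comments(conf_text: str) -> str:
    """Drop '#' comments line by line (lighttpd has no block comments)."""
    return "\n".join(re.sub(r"#.*$", "", line) for line in conf_text.splitlines())


def parse_http_parseopts(conf_text: str) -> dict:
    """Return the key/value pairs of server.http-parseopts, or {} if it is unset."""
    text = strip_comments(conf_text)
    m = re.search(r"server\.http-parseopts\s*=\s*\((.*?)\)", text, re.S)
    if not m:
        return {}
    return dict(re.findall(r'"([^"]+)"\s*=>\s*"([^"]+)"', m.group(1)))


def url_path_2f_decode_enabled(conf_text: str) -> bool:
    """True when the configuration meets the strike's precondition."""
    opts = parse_http_parseopts(conf_text)
    return opts.get("url-path-2f-decode", "disable") == "enable"


def audit(conf_text: str) -> str:
    """One-line verdict suitable for a hardening report."""
    if url_path_2f_decode_enabled(conf_text):
        return ('EXPOSED: url-path-2f-decode is enabled; upgrade to lighttpd 1.4.54+ '
                'or set it to "disable"')
    return "OK: url-path-2f-decode is disabled (or left at its default)"


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF),
                        ("default", DEFAULT_CONF)):
        print(f"{label:9} {audit(conf)}")
```

A "default" result does not by itself mean the server is patched; it only means the strike's trigger path is not reachable, which is the distinction a tester needs when a device under test reports the strike as blocked against an unexposed target.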