Ixia ATI Update 2018-23 (346762)

Defects Resolved

Ticket Info
DE9913 The destination port of the encrypted flows for superflow "BreakingPoint Steam Login TLS Encypted" was changed to 443.
DE9914 The destination port of the encrypted Bing flow from superflow "Bing Search" was changed to 443.
DE10142 The Conditional Requests from the 'DCE RPC MAPI Session' and 'DCE RPC MAPI with File Attachment' SuperFlows were updated to match IPs ending with '.10', which is the decimal code for the newline character.
DE10151 Fixed an issue where the wrong target string substitute was used, which caused "Thread+Subject" and "Thread+Body" not to be properly replaced by the "Subject" and "Message" parameters. Refreshed the application and superflows with nwebgen.
DE10152 Transaction Flags for the Skype V5 Super Flow now use the specified value.

Enhancements

Ticket Info
US85564 Separated actions with HTTP connection close into separate flows for the "Amazon S3" superflows.

New Protocols & Applications (2)

Name Category Info
X11 Data Transfer/File Sharing The X Window System (X11, or simply X) is a windowing system for bitmap displays, common on Unix-like operating systems. It provides the basic framework for a GUI environment: drawing and moving windows on the display device and interacting with a mouse and keyboard.
Shopify Nov18 Enterprise Applications Shopify is a Canadian e-commerce company headquartered in Ottawa, Ontario. It is also the name of its proprietary e-commerce platform for online stores and retail point-of-sale systems. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Super Flows (4)

Name Category Info
Shopify Nov 18 Common Usage Enterprise Applications Superflow simulating common usage of the Shopify e-commerce platform, including loading the initial page, sign-in, accessing account settings, adding products, adding customers, checking the analytics feeds, adding discount codes, uploading files to be used in conjunction with products, and logging out of the session. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Shopify Nov 18 Order Creation Enterprise Applications Superflow simulating Shopify e-commerce platform usage for creating an order and updating product stock. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
X11 Connections Initiation System/Network Admin An X11 client and server initiate connections. First, the client sends a connection request and the server replies with connection accepted, including the server's pixmap formats and screen information. Then another client requests a connection and the server responds with authorization required; the client sends a connection request with some authorization info and the server rejects the request with the reason "Invalid Authorization Data".
X11 Window Operations System/Network Admin An X11 client initiates a connection and performs several operations with the server. First, the client sends a connection request and the server replies with connection accepted, including the server's pixmap formats and screen information. Then the client sends several requests, including Create Window, ChangeWindowAttributes, ChangeProperty, ConfigureWindow, ChangeSaveSet and DestroyWindow, and the server responds with CreateNotify, PropertyNotify, ConfigureNotify and BadMatchError messages accordingly. The client sends a DestroyWindow request at the end. A specific request, response, event, or error can be built using its "Generic" type; for example, the "Change Property" is built using "GenericRequest" with opcode 18, and the second "Property Notify" is built using "GenericEvent" with event_code 28.

New Strikes (9)

CVSS ID References Category Info
9.0 E18-5m4l2 CVE-2018-15877
CVSS-9.0 (AV:N/AC:L/AU:S/C:C/I:C/A:C)
EXPLOITDB-45274
Exploits This strike exploits a command injection vulnerability in the WordPress plugin Plainview Activity Monitor. The vulnerability is due to improper sanitization of the ip parameter under lookup mode. By successfully exploiting this vulnerability, an authenticated attacker could perform remote code execution on the target server.
7.8 E18-5od61 CVE-2018-18778
CVSS-7.8 (AV:N/AC:L/AU:N/C:C/I:N/A:N)
URL
Exploits An arbitrary file read vulnerability has been reported in ACME mini_httpd. This vulnerability is due to the way mini_httpd processes HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the affected server. Successful exploitation of this vulnerability can lead to disclosure of the contents of arbitrary files on the target system.
7.6 D18-0jqs2 BID-103626
CVE-2018-0980
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
EXPLOITDB-44653
GOOGLE-1530
Denial This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Chakra JavaScript engine. It is possible to craft JavaScript in such a way that a bounds check is incorrectly removed. This may lead to a denial of service condition in the browser, or potentially remote code execution.
7.6 D18-0jph1 BID-103274
CVE-2018-0933
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
EXPLOITDB-44396
GOOGLE-1502
Denial This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Chakra JavaScript engine. It is possible to craft JavaScript in such a way that it bypasses the fix for a stack to heap copy by adding a line that allocates "head" to the heap. This may lead to a denial of service condition in the browser, or potentially remote code execution.
7.6 D18-0jmu1 BID-102877
CVE-2018-0838
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
EXPLOITDB-44080
GOOGLE-1463
Denial This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Chakra JavaScript engine. It is possible to craft JavaScript in such a way that when NewScObjectNoCtor is used to set a new object's __proto__, type confusion can occur. This may lead to a denial of service condition in the browser, or potentially remote code execution.
7.5 E18-0oj01 CVE-2018-7180
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
EXPLOITDB-44133
Exploits This strike exploits an SQL injection vulnerability in the Saxum Astro 4.0.14 component for Joomla!. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this by sending specially crafted packets, potentially resulting in the execution of SQL commands, which may lead to information disclosure.
7.5 E18-8vck1 CVE-2018-1000116
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits A heap corruption vulnerability was discovered in net-snmp, a suite of Simple Network Management Protocol applications. The vulnerability is due to a buffer overflow triggered when parsing the PDU prior to the authentication process. A remote, unauthenticated attacker can take advantage of this flaw to crash the snmpd process or execute arbitrary code within the context of the snmpd user.
6.8 E18-5o711 BID-105749
CVE-2018-18557
CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P)
GOOGLE-1697
Exploits This strike exploits a heap buffer overflow vulnerability in LibTIFF. The vulnerability is due to insufficient length checks while processing TIFF files compressed with JBIG. A remote, unauthenticated attacker can exploit this vulnerability by enticing a target user to open a crafted JBIG-compressed TIFF file with an application that uses LibTIFF. Successful exploitation could result in the execution of arbitrary code under the security context of the program using LibTIFF.
5.0 E18-0orm1 CVE-2018-7490
CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N)
EXPLOITDB-44223
Exploits This strike exploits a directory traversal vulnerability in the uWSGI PHP plugin. The vulnerability is caused by insufficient validation of user input on HTTP requests. Successful exploitation could allow an attacker to access arbitrary files on the target system.