Ixia ATI Update 2018-24 (347709)

Defects Resolved

Ticket Info
DE10101 Fixed host headers for Strikes E02-09101, E02-09102.
DE10140 Strikes that do not specify an HTTP 'Content-Length' header, but send a POST, PUT, or PATCH with no body, now include a default 'Content-Length' header with '0' as value, according to RFC7231.
DE10141 Strikes that do not specify an HTTP 'Content-Type' header, but send a POST, PUT, or PATCH, now include a default 'Content-Type' header of 'application/octet-stream' according to RFC7231.

Enhancements

Ticket Info
US92625 Changed the last 'delay' action from the superflow 'BreakingPoint SIP/RTP Direct Voice Call (TCP Transport)' to be done on the client side.
US92626 Patched the 'BreakingPoint SIP/RTP Direct Voice Call (TCP Transport)' superflow to fill the 'Via' header correctly when using both the proxy and NAT flags.

New Strikes (11)

CVSS ID References Category Info
7.8 E18-0m191 CVE-2018-3949
CVSS-7.8 (AV:N/AC:L/AU:N/C:C/I:N/A:N)
URL
Exploits This strike exploits a directory traversal vulnerability in the TP-Link TL-R600VPN router. The vulnerability can be exploited by issuing GET requests to the '/help' path. Since the web server runs with root privileges, an attacker may gain access to the contents of any file residing on the file system.
7.8 E18-5lzw1 CVE-2018-15708
CVSS-7.8 (AV:N/AC:L/AU:N/C:C/I:N/A:N)
URL
Exploits This strike exploits a remote code execution vulnerability in the Nagios XI Snoopy component. The vulnerability resides in the lack of request sanitization when parsing the 'url' parameter within the 'magpie_debug.php' file. By providing the '-o' flag within the parameter's value, an attacker is able to download a PHP script from an arbitrary URL and dump it to a publicly accessible path in order to execute commands on the target system.
7.6 D18-0no12 BID-103297
CVE-2018-6065
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
EXPLOITDB-44584
GOOGLE-1526
Denial This strike exploits a vulnerability in the Google Chrome browser. Specifically, the vulnerability exists in the Google Chrome V8 JavaScript engine. By passing a prototype chain of objects with a large expected_nof_properties, the instance_size value can be controlled. An integer overflow results in a value that is too small being used, causing memory corruption. This may lead to a denial of service condition in the browser, or potentially remote code execution.
7.6 D18-0no01 BID-103297
CVE-2018-6064
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
EXPLOITDB-44394
GOOGLE-1498
Denial This strike exploits a vulnerability in the Google Chrome browser. Specifically, the vulnerability exists in the Google Chrome V8 JavaScript engine. It is possible to change the elements kind via getters. This may lead to a denial of service condition in the browser, or potentially remote code execution.
7.5 E18-5op31 BID-105921
CVE-2018-19207
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a remote code execution vulnerability in the WordPress GDPR Compliance plugin. The vulnerability resides in the lack of request authorization when performing the AJAX 'wpgdprc_process_action' call as an unauthenticated user, resulting in alteration of database entries. An attacker is thus able to add a privileged user to a WordPress platform and subsequently execute PHP code as the user under which the HTTP server runs.
7.5 E18-5lb41 BID-105728
CVE-2018-14816
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
SECURITYTRACKER-1041939
URL
Exploits This strike exploits a buffer overflow vulnerability in Advantech WebAccess. The vulnerability is due to a lack of boundary checks while copying user-supplied data into a stack buffer within BwPSLinkZip.exe. By building a special RPC request, an attacker can cause arbitrary code execution or abnormal termination of the WebAccess process.
7.5 E18-0l8h1 BID-105651
CVE-2018-2913
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a buffer overflow vulnerability in Oracle GoldenGate Manager. The vulnerability is due to an input validation error when processing malformed command names. A remote unauthenticated attacker can exploit this vulnerability by sending a malformed command to the target application. Successful exploitation could lead to arbitrary code execution.
5.0 E18-5m001 CVE-2018-15712
CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N)
URL
Exploits An unauthenticated stored cross-site scripting vulnerability exists in the Nagios XI web interface. The vulnerability resides within 'api_tool.php' and can be exploited by crafting a GET request containing a malicious 'host' parameter. The parameter's value is then stored in bpi.conf and is later included in the web management interface. By exploiting this vulnerability an attacker could execute arbitrary scripts in the target browser.
5.0 E18-5oq61 CVE-2018-19246
CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N)
EXPLOITDB-45861
Exploits This strike simulates an exploitation of a local file inclusion vulnerability present in PHP Proxy. The vulnerability results from the lack of input sanitization when handling the 'q' parameter. By exploiting this flaw, an attacker could read arbitrary files from the server's file system.
4.3 E18-5orb1 CVE-2018-19287
CVSS-4.3 (AV:N/AC:M/AU:N/C:N/I:P/A:N)
EXPLOITDB-45880
Exploits This strike exploits a command injection vulnerability in the WordPress plugin Plainview Activity Monitor. The vulnerability is due to improper sanitization of the 'ip' parameter under lookup mode. By successfully exploiting this vulnerability, an authenticated attacker could perform remote code execution on the target server.
4.3 E18-5mgz1 CVE-2018-16323
CVSS-4.3 (AV:N/AC:M/AU:N/C:P/I:N/A:N)
URL
Exploits This strike exploits an out-of-bounds array-indexing vulnerability in ImageMagick. The vulnerability is due to uninitialized data when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information can sometimes be leaked via the image data. By enticing a user to process or upload a specially crafted image to a server which automatically processes images, an attacker could obtain sensitive information from the target system.

Modified Strikes (1)

CVSS ID References Category Info
7.5 E18-8vck1 CVE-2018-1000116
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits Remade strike