Ixia ATI Update ATI-2019-24 (376347)

Enhancements

Ticket Info
ATIBPS-16344 Added 2 smart strikelists: Consumer Application Strikes and Business Application Strikes. Consumer Application Strikes contains strikes targeting vulnerabilities in applications not usually found on business networks; a strike is included in this list by carrying the 'consumer' keyword. Business Application Strikes contains strikes targeting vulnerabilities in applications frequently found on business networks and is intended as the default strikelist for basic DUT attack-detection-performance comparisons. It includes strikes from the backdoors, denial, and exploits strike directories and excludes strikes carrying the 'consumer' keyword.
ATIBPS-12601 Set the User Agent flow parameter in the 'Zalo Audio/Video Session' and 'Zalo VOIP' SuperFlows to a more realistic value.

New Protocols & Applications (2)

Name Category Info
Youku Web Dec19 Social Networking/Search Youku, founded in 2006, is one of China's top online video and streaming platforms, where users can view, upload, rate, and share videos. Youku also offers paid streaming of shows and films. It operates as a subsidiary of Alibaba Group. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Telegram Voice/Video/Media Telegram is a cloud-based mobile and desktop messaging app with a focus on security and speed.

New Super Flows (3)

Name Category Info
Youku Web Dec 19 Social Networking/Search Simulates the use of the Youku website with a web browser as of December 2019. All of the available actions for this flow are exercised. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Youku Web Dec 19 Sign In and Sign Out Social Networking/Search Simulates the use of the Youku website with a web browser as of December 2019. The user loads the Youku main page, signs in, then signs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Telegram Voice Call Voice/Video/Media This simulates a Telegram Voice Call communication.

New Strikes (4)

CVSS ID References Category Info
10.0 E19-0wkp1 CVE-2019-7609
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
URL
Exploits This strike replicates a remote code execution attack on Elastic Kibana through a JavaScript prototype pollution vector. The vulnerability is due to a lack of sanitization of user-supplied data when parsing Timelion component requests. By exploiting this flaw, a remote unauthenticated attacker can execute arbitrary code on the target system.
10.0 E19-0ul11 CVE-2019-5029
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
URL
Exploits This strike exploits a command injection vulnerability in the Exhibitor Web UI. The vulnerability is due to improper parsing of parameters passed to the config editor web form. An attacker can exploit this by sending a specially crafted HTTP request. Successful exploitation leads to arbitrary commands being run in the context of the user running the Exhibitor server.
9.3 E19-0rtk1 CVE-2019-1448
CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C)
URL
Exploits This strike exploits a use-after-free vulnerability in the Excel component of Microsoft Office. The vulnerability is due to improper handling of XML elements by the 'MSO.DLL' library. The vulnerability can be exploited by crafting a malicious XML file and enticing a user to download and open it. Successful exploitation may result in execution of arbitrary code with the privileges of the user.
5.0 D19-7ohu1 CVE-2019-12258
CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)
URL
Denial A denial-of-service vulnerability exists in the TCP stack of Wind River VxWorks versions 6.6 through vx7. Whenever a TCP segment with malformed options is received, the SEQ and ACK numbers are not checked and a RST is immediately issued on the connection. By spoofing the source IP address and brute-forcing the source port space (1024 through 65535), an attacker can send such segments to a server to reset (DoS) its established TCP connections.
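The Kibana strike above names a JavaScript prototype pollution vector. The following is an added example of that vulnerability class in general, not Kibana's code and not the strike's request: a recursive "merge user-supplied JSON into a config object" routine that lets a `__proto__` key write into `Object.prototype`, beside a hardened version. The PAYLOAD is constructed for this example and its shape is illustrative only; it does not reproduce the Timelion request.

```javascript
// Added example, not Kibana's code: the prototype-pollution class in general.
// PAYLOAD is a constructed JSON document; its shape is illustrative and does not
// reproduce the Timelion request that the strike above replays.
const PAYLOAD = '{"title":"x","__proto__":{"polluted":"yes"}}';

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable: a recursive merge that treats "__proto__" like any other key.
// JSON.parse creates "__proto__" as an own property, Object.keys() lists it,
// and target["__proto__"] resolves to Object.prototype, which then gets written.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const val = source[key];
    if (isPlainObject(val)) {
      if (target[key] === undefined) target[key] = {};
      unsafeMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Hardened: refuse the keys that reach the prototype chain, and only descend
// into the target's own plain-object properties (never inherited ones).
const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (DANGEROUS_KEYS.has(key)) continue;
    const val = source[key];
    if (isPlainObject(val)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) || !isPlainObject(target[key])) {
        target[key] = {};
      }
      safeMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Merge the payload into an empty config with the vulnerable merge and report
// what an unrelated object now inherits. Cleans up so later code is unaffected.
function demonstrateUnsafe() {
  unsafeMerge({}, JSON.parse(PAYLOAD));
  const leaked = ({}).polluted;          // 'yes': every object now has .polluted
  delete Object.prototype.polluted;
  return leaked;
}

// Same payload through the hardened merge: the ordinary key survives, the
// prototype write does not.
function demonstrateSafe() {
  const cfg = safeMerge({}, JSON.parse(PAYLOAD));
  return { title: cfg.title, leaked: ({}).polluted };   // { title: 'x', leaked: undefined }
}
```

The point of `hasOwnProperty` in the hardened merge is that a key check alone is not enough: a merge that descends into `target[key]` for an inherited property can still be steered onto a shared prototype through paths such as `constructor.prototype`, which is why those keys are refused as well.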
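The VxWorks entry describes a traffic pattern rather than a payload: segments carrying malformed TCP options, sent with a spoofed source address toward one server socket while sweeping the source-port space. The following added example (not the strike's traffic and not VxWorks code) validates TCP options the way a receiver should before acting on them, and runs a simple detection heuristic for that pattern over constructed packets. The zero-length MSS option used as the malformation, the 50-distinct-ports threshold, and the addresses are assumptions for the example.

```javascript
// Added example, not Ixia's strike code: a TCP-option validator plus a detector
// for the pattern described above (malformed options, one spoofed source,
// source-port sweep toward one server socket). All packets are constructed.

const TCP_HDR_MIN = 20;

// Parse TCP options from a TCP header buffer. Returns { valid, reason, options }.
function parseTcpOptions(tcp) {
  if (tcp.length < TCP_HDR_MIN) return { valid: false, reason: 'short header', options: [] };
  const dataOffset = (tcp[12] >> 4) * 4;            // header length in bytes
  if (dataOffset < TCP_HDR_MIN || dataOffset > tcp.length) {
    return { valid: false, reason: 'bad data offset', options: [] };
  }
  const options = [];
  let i = TCP_HDR_MIN;
  while (i < dataOffset) {
    const kind = tcp[i];
    if (kind === 0) break;                          // End of Option List
    if (kind === 1) { options.push({ kind, len: 1 }); i += 1; continue; }   // NOP
    if (i + 1 >= dataOffset) return { valid: false, reason: 'option truncated', options };
    const len = tcp[i + 1];
    if (len < 2 || i + len > dataOffset) {          // length must cover kind+len and fit
      return { valid: false, reason: `bad length ${len} for option ${kind}`, options };
    }
    options.push({ kind, len, data: tcp.subarray(i + 2, i + len) });
    i += len;
  }
  return { valid: true, reason: null, options };
}

// Build a minimal TCP header with the given options (constructed test data).
function buildTcpHeader({ srcPort, dstPort, seq = 0, ack = 0, flags = 0x10, options = Buffer.alloc(0) }) {
  const optLen = Math.ceil(options.length / 4) * 4;  // options are padded to 32-bit words
  const hdr = Buffer.alloc(TCP_HDR_MIN + optLen);
  hdr.writeUInt16BE(srcPort, 0);
  hdr.writeUInt16BE(dstPort, 2);
  hdr.writeUInt32BE(seq >>> 0, 4);
  hdr.writeUInt32BE(ack >>> 0, 8);
  hdr[12] = (hdr.length / 4) << 4;                   // data offset, in 32-bit words
  hdr[13] = flags;                                   // 0x10 = ACK
  hdr.writeUInt16BE(65535, 14);                      // window
  options.copy(hdr, TCP_HDR_MIN);
  return hdr;
}

// Flag (srcIp -> dstIp:dstPort) tuples whose malformed-option segments arrive
// from many distinct source ports. The threshold is an assumption for this example.
function detectMalformedOptionSweep(packets, minDistinctPorts = 50) {
  const seen = new Map();   // tuple -> Set of source ports seen with malformed options
  for (const pkt of packets) {
    if (pkt.tcp.length < TCP_HDR_MIN) continue;      // cannot attribute to a socket pair
    if (parseTcpOptions(pkt.tcp).valid) continue;
    const srcPort = pkt.tcp.readUInt16BE(0);
    const dstPort = pkt.tcp.readUInt16BE(2);
    const key = `${pkt.srcIp}->${pkt.dstIp}:${dstPort}`;
    if (!seen.has(key)) seen.set(key, new Set());
    seen.get(key).add(srcPort);
  }
  const hits = [];
  for (const [tuple, ports] of seen) {
    if (ports.size >= minDistinctPorts) hits.push({ tuple, distinctSourcePorts: ports.size });
  }
  return hits;
}

// Constructed sample: a few legitimate segments with a well-formed MSS option,
// then a burst of segments with a zero-length option sweeping source ports from
// 1024 upward, all claiming the legitimate client's address (the spoofed source).
function sampleTraffic(sweepCount = 200) {
  const packets = [];
  const mss = Buffer.from([0x02, 0x04, 0x05, 0xb4]);   // MSS = 1460, valid
  for (let p = 40000; p < 40005; p++) {
    packets.push({ srcIp: '10.0.0.5', dstIp: '10.0.0.1', tcp: buildTcpHeader({ srcPort: p, dstPort: 80, options: mss }) });
  }
  const bad = Buffer.from([0x02, 0x00, 0x00, 0x00]);   // MSS option with length 0: malformed
  for (let p = 1024; p < 1024 + sweepCount; p++) {
    packets.push({ srcIp: '10.0.0.5', dstIp: '10.0.0.1', tcp: buildTcpHeader({ srcPort: p, dstPort: 80, options: bad }) });
  }
  return packets;
}
```

The validator rejects the option before any state change, which is the property the advisory text says the affected stack lacks; the detector only needs the 4-tuple and the malformed/valid verdict, so the same logic can be fed from a packet capture without reassembling connections.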

Defects Resolved

Ticket Info
ATIBPS-16328 Fixed bug in LwM2M over CoAP actions in which packets were sent from an incorrect host.
ATIBPS-16317 Fixed install error "Value for 'max' must be less than or equal to '256'" by removing invalid test models.
ATIBPS-16289 Updated the malicious request for E19-5pn61 to contain the metacharacter needed to trigger the command injection.
ATIBPS-16218 Updated proto attribute for 15 strikes.
Proto attribute for D17-mama1 corrected to 'omapi'
The following strikes had proto corrected to 'bootp': E11-54c01, G11-54c01.
The following strikes had proto corrected to 'dhcp': D06-2eq01, D07-45101, D10-4nw01, D17-3d6y1, E06-4tw01, E11-3rp01, E12-4ns01, E19-0r4j1, E19-0r6q1, E19-0r8p1, G04-3cs01, G04-3p001.
ATIBPS-16149 Added 'consumer' keyword to several exploits/misc and generic/ixia strikes.
ATIBPS-16141 Edited E10-32001 such that the attack and description reflect a 2-host attack scenario.
ATIBPS-16135 Added 'consumer' keyword to D14-q1y01.
ATIBPS-16117 Added 'consumer' keyword to E18-0yb81.
ATIBPS-8054 Made the security test runner more reliable when the connection between the vController and the vBlade breaks in a VM setup (port 8912).
Reconnection is attempted three times; if it still fails, the test exits gracefully and logs the cause of the failure (BPS UI > Control Center > Administration).
ATIBPS-16342 Re-added recently deleted strikes to prevent errors in custom tests.
The following strikes were re-added and marked as deprecated: G05-39w01, G08-3cp01, G11-3rm01.