CVE-2018-6794
5.3
CVSS Score
Medium
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Link copied!
Description
Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as usual.
CVSS Vector Details
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Affected Software Configurations
- a suricata-ids suricata * * * * * * * *
- o debian debian_linux 8.0 * * * * * * *
Weaknesses (CWE)
- CWE-693
References & External Links
- https://github.com/OISF/suricata/pull/3202/commits/e1ef57c848bbe4e567d5d4b66d346a742e3f77a1
- https://lists.debian.org/debian-lts-announce/2018/12/msg00000.html
- https://redmine.openinfosecfoundation.org/issues/2427
- https://suricata-ids.org/2018/02/14/suricata-4-0-4-available/
- https://www.exploit-db.com/exploits/44247/
- https://github.com/OISF/suricata/pull/3202/commits/e1ef57c848bbe4e567d5d4b66d346a742e3f77a1
- https://lists.debian.org/debian-lts-announce/2018/12/msg00000.html
- https://redmine.openinfosecfoundation.org/issues/2427
- https://suricata-ids.org/2018/02/14/suricata-4-0-4-available/
- https://www.exploit-db.com/exploits/44247/
External Resources
CVE History Timeline
Mar 08, 2018 02:29
CVE Modified
Mar 13, 2018 16:35
Initial Analysis
Jun 07, 2018 13:21
Reanalysis
Jun 14, 2018 01:29
CVE Modified
Dec 05, 2018 11:29
CVE Modified
Mar 01, 2019 23:33
Modified Analysis
May 14, 2024 05:24
CVE Modified
Nov 21, 2024 04:11
CVE Modified