Open Information Security Foundation · Suricata · CVE-2018-6794
**Name of the Vulnerable Software and Affected Versions**
Suricata versions prior to 4.0.4
**Description**
The issue allows a malicious server to bypass HTTP detection by sending data before the 3-way handshake is complete, which can be accepted by web clients but ignored by Suricata IDS signatures. This primarily affects IDS signatures for the HTTP protocol and TCP stream content.
**Recommendations**
For Suricata versions prior to 4.0.4, update to version 4.0.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the detect.c and stream-tcp.c components until a patch is available.