PT-2018-1050 · Open Information Security Foundation+1 · Suricata+1

Kirill Shipulin

Published

2018-01-25

Updated

2021-06-24

CVE-2018-6794

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Suricata versions prior to 4.0.4

Description The issue allows a malicious server to bypass HTTP detection by sending data before the 3-way handshake is complete, which can be accepted by web clients but ignored by Suricata IDS signatures. This primarily affects IDS signatures for the HTTP protocol and TCP stream content.

Recommendations For Suricata versions prior to 4.0.4, update to version 4.0.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the detect.c and stream-tcp.c components until a patch is available.

Exploit

Fix

Protection Mechanism Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-435CWE-693

Related Identifiers

ALT-PU-2020-3551

ALT-PU-2021-2056

BDU:2018-00358

CVE-2018-6794

DLA-1603-1

Affected Products

Alt Linux

Suricata

PT-2018-1050 · Open Information Security Foundation+1 · Suricata+1

CVE-2018-6794

Weakness Enumeration

Related Identifiers

Affected Products

References · 34