QwikSec

Security Database

CVE

CWE

Training

CVE-2018-6794

Published: Feb 7, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as usual.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/OISF/suricata/pull/3202/commits/e1ef57c848bbe4e567d5d4b66d346a742e3f77a1

x_refsource_CONFIRM

[debian-lts-announce] 20181204 [SECURITY] [DLA 1603-1] suricata security update

mailing-list

x_refsource_MLIST

https://redmine.openinfosecfoundation.org/issues/2427

x_refsource_CONFIRM

https://suricata-ids.org/2018/02/14/suricata-4-0-4-available/

x_refsource_CONFIRM

exploit

x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.