CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2021-1223 – Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-1223
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of an HTTP range header. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload. Múltiples productos de Cisco están afectados por una vulnerabilidad en el motor de detección de Snort que podría permitir a un atacante remoto no autenticado omita una política de archivos configurada para HTTP. • https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-filepolbypass-67DEwMe2 https://www.debian.org/security/2023/dsa-5354 • CWE-693: Protection Mechanism Failure •
CVSS: 5.8EPSS: 0%CPEs: 16EXPL: 0CVE-2020-3299 – Multiple Cisco Products SNORT HTTP Detection Engine File Policy Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-3299
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect detection of modified HTTP packets used in chunked responses. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured File Policy for HTTP packets and deliver a malicious payload. Múltiples productos de Cisco están afectados por una vulnerabilidad en el motor de detección de Snort que podría permitir a un atacante remoto no autenticado omitir una Política de Archivos configurada para HTTP. • https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-bypass-3eCfd24j https://www.debian.org/security/2023/dsa-5354 • CWE-693: Protection Mechanism Failure •
CVSS: 4.3EPSS: 5%CPEs: 26EXPL: 5CVE-2009-3641 – Snort 2.8.5 - Multiple Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-3641
Snort before 2.8.5.1, when the -v option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted IPv6 packet that uses the (1) TCP or (2) ICMP protocol. Snort anterior v.2.8.5.1, cuando la opción -v es activada, permite a atacantes remotos causar una denegación de servicio (caída aplicación) a través de un paquete Ipv6 manipulado que usa el protocolo (1) TCP o (2)ICMP. • https://www.exploit-db.com/exploits/33306 https://www.exploit-db.com/exploits/9969 http://dl.snort.org/snort-current/release_notes_2851.txt http://marc.info/?l=oss-security&m=125649553414700&w=2 http://seclists.org/fulldisclosure/2009/Oct/299 http://secunia.com/advisories/37135 http://securitytracker.com/id?1023076 http://vrt-sourcefire.blogspot.com/2009/10/snort-2851-release.html http://www.openwall.com/lists/oss-security/2009/10/25/5 http://www.osvdb.org/591 •
CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 0CVE-2008-1804
https://notcve.org/view.php?id=CVE-2008-1804
preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment. preprocessors/spp_frag3.c en Sourcefire Snort before 2.8.1 no identifica adecuadamente los fragmentos de paquetes que tienen valores TTL distintos, esto permite a atacantes remotos evitar las reglas de detección usando un paquete TTL para cada fragmento. • http://cvs.snort.org/viewcvs.cgi/snort/ChangeLog?rev=1.534.2.11 http://cvs.snort.org/viewcvs.cgi/snort/src/preprocessors/spp_frag3.c.diff?r1=text&tr1=1.46.2.4&r2=text&tr2=1.46.2.5&diff_format=h http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=701 http://secunia.com/advisories/30348 http://secunia.com/advisories/30563 http://secunia.com/advisories/31204 http://securitytracker.com/id?1020081 http://www.ipcop.org/index.php? •
CVSS: 10.0EPSS: 71%CPEs: 10EXPL: 4CVE-2006-5276 – Snort 2.6.1 (Linux) - DCE/RPC Preprocessor Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-5276
Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic. Desbordamiento de búfer en el preprocesador DCE/RPC en Snort anterior a 2.6.1.3, y 2.7 anterior a beta 2; y Sourcefire Intrusion Sensor;permite a atacantes remotos ejecutar código de su elección mediante tráfico SMB manipulado. • https://www.exploit-db.com/exploits/3609 https://www.exploit-db.com/exploits/3362 https://www.exploit-db.com/exploits/18723 https://www.exploit-db.com/exploits/3391 http://fedoranews.org/updates/FEDORA-2007-206.shtml http://iss.net/threats/257.html http://secunia.com/advisories/24190 http://secunia.com/advisories/24235 http://secunia.com/advisories/24239 http://secunia.com/advisories/24240 http://secunia.com/advisories/24272 http://secunia.com/advisories/26746 htt •