CVE-2018-6794
Suricata < 4.0.4 - IDS Detection Bypass
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as usual.
Suricata en versiones anteriores a la 4.0.4 es propenso a una vulnerabilidad de omisión de detección HTTP en detect.c y stream-tcp.c. Si un servidor malicioso interrumpe un flujo TCP normal y envía datos antes de que se complete el handshake tridireccional, los datos enviados por el servidor malicioso se aceptarán por parte de clientes web como el navegador web o herramientas de interfaz de línea de comandos de Linux, pero las firmas IDS de Suricata los ignorarán. Esto afecta a la mayoría de firmas IDS para el contenido del flujo TCP y los protocolos HTTP. Las firmas para los paquetes TCP inspeccionarán ese tráfico de red como de costumbre.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-02-06 CVE Reserved
- 2018-02-07 CVE Published
- 2023-07-01 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-693: Protection Mechanism Failure
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/12/msg00000.html | Mailing List |
|
| https://redmine.openinfosecfoundation.org/issues/2427 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/44247 | 2024-08-05 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/OISF/suricata/pull/3202/commits/e1ef57c848bbe4e567d5d4b66d346a742e3f77a1 | 2019-03-01 |
| URL | Date | SRC |
|---|---|---|
| https://suricata-ids.org/2018/02/14/suricata-4-0-4-available | 2019-03-01 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Suricata-ids Search vendor "Suricata-ids" | Suricata Search vendor "Suricata-ids" for product "Suricata" | < 4.0.4 Search vendor "Suricata-ids" for product "Suricata" and version " < 4.0.4" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||