CVE-2018-6794

Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as usual.

Published: 2018-02-07 05:29
Updated: 2019-03-01 23:33

CVSS Score: 5.0 / 10

Vendor Product Version URI
Suricata-ids Suricata 0.8.2 cpe:/a:suricata-ids:suricata:0.8.2
Suricata-ids Suricata 1.0.0 cpe:/a:suricata-ids:suricata:1.0.0
Suricata-ids Suricata 1.0.1 cpe:/a:suricata-ids:suricata:1.0.1
Suricata-ids Suricata 1.0.2 cpe:/a:suricata-ids:suricata:1.0.2
Suricata-ids Suricata 1.0.3 cpe:/a:suricata-ids:suricata:1.0.3
Suricata-ids Suricata 1.0.4 cpe:/a:suricata-ids:suricata:1.0.4
Suricata-ids Suricata 1.0.5 cpe:/a:suricata-ids:suricata:1.0.5
Suricata-ids Suricata 1.1 cpe:/a:suricata-ids:suricata:1.1
Suricata-ids Suricata 1.1 cpe:/a:suricata-ids:suricata:1.1:b1
Suricata-ids Suricata 1.1 cpe:/a:suricata-ids:suricata:1.1:b2
Suricata-ids Suricata 1.1 cpe:/a:suricata-ids:suricata:1.1:b3
Suricata-ids Suricata 1.1 cpe:/a:suricata-ids:suricata:1.1:rc1
Suricata-ids Suricata 1.1.1 cpe:/a:suricata-ids:suricata:1.1.1
Suricata-ids Suricata 1.2 cpe:/a:suricata-ids:suricata:1.2
Suricata-ids Suricata 1.2 cpe:/a:suricata-ids:suricata:1.2:rc1
Suricata-ids Suricata 1.2.1 cpe:/a:suricata-ids:suricata:1.2.1
Suricata-ids Suricata 1.3 cpe:/a:suricata-ids:suricata:1.3
Suricata-ids Suricata 1.3 cpe:/a:suricata-ids:suricata:1.3:b1
Suricata-ids Suricata 1.3 cpe:/a:suricata-ids:suricata:1.3:b2
Suricata-ids Suricata 1.3 cpe:/a:suricata-ids:suricata:1.3:b3
Suricata-ids Suricata 1.3 cpe:/a:suricata-ids:suricata:1.3:rc1
Suricata-ids Suricata 1.3.1 cpe:/a:suricata-ids:suricata:1.3.1
Suricata-ids Suricata 1.3.2 cpe:/a:suricata-ids:suricata:1.3.2
Suricata-ids Suricata 1.3.3 cpe:/a:suricata-ids:suricata:1.3.3
Suricata-ids Suricata 1.3.4 cpe:/a:suricata-ids:suricata:1.3.4
Suricata-ids Suricata 1.3.5 cpe:/a:suricata-ids:suricata:1.3.5
Suricata-ids Suricata 1.3.6 cpe:/a:suricata-ids:suricata:1.3.6
Suricata-ids Suricata 1.4 cpe:/a:suricata-ids:suricata:1.4
Suricata-ids Suricata 1.4 cpe:/a:suricata-ids:suricata:1.4:b1
Suricata-ids Suricata 1.4 cpe:/a:suricata-ids:suricata:1.4:b2
Suricata-ids Suricata 1.4 cpe:/a:suricata-ids:suricata:1.4:b3
Suricata-ids Suricata 1.4 cpe:/a:suricata-ids:suricata:1.4:rc1
Suricata-ids Suricata 1.4.1 cpe:/a:suricata-ids:suricata:1.4.1
Suricata-ids Suricata 1.4.2 cpe:/a:suricata-ids:suricata:1.4.2
Suricata-ids Suricata 1.4.3 cpe:/a:suricata-ids:suricata:1.4.3
Suricata-ids Suricata 1.4.4 cpe:/a:suricata-ids:suricata:1.4.4
Suricata-ids Suricata 1.4.5 cpe:/a:suricata-ids:suricata:1.4.5
Suricata-ids Suricata 1.4.6 cpe:/a:suricata-ids:suricata:1.4.6
Suricata-ids Suricata 1.4.7 cpe:/a:suricata-ids:suricata:1.4.7
Suricata-ids Suricata 2.0 cpe:/a:suricata-ids:suricata:2.0
Suricata-ids Suricata 2.0 cpe:/a:suricata-ids:suricata:2.0:b1
Suricata-ids Suricata 2.0 cpe:/a:suricata-ids:suricata:2.0:b2
Suricata-ids Suricata 2.0 cpe:/a:suricata-ids:suricata:2.0:rc1
Suricata-ids Suricata 2.0 cpe:/a:suricata-ids:suricata:2.0:rc2
Suricata-ids Suricata 2.0 cpe:/a:suricata-ids:suricata:2.0:rc3
Suricata-ids Suricata 2.0.1 cpe:/a:suricata-ids:suricata:2.0.1
Suricata-ids Suricata 2.0.1 cpe:/a:suricata-ids:suricata:2.0.1:rc1
Suricata-ids Suricata 2.0.2 cpe:/a:suricata-ids:suricata:2.0.2
Suricata-ids Suricata 2.0.3 cpe:/a:suricata-ids:suricata:2.0.3
Suricata-ids Suricata 2.0.4 cpe:/a:suricata-ids:suricata:2.0.4
Suricata-ids Suricata 2.0.5 cpe:/a:suricata-ids:suricata:2.0.5
Suricata-ids Suricata 2.0.6 cpe:/a:suricata-ids:suricata:2.0.6
Suricata-ids Suricata 2.0.7 cpe:/a:suricata-ids:suricata:2.0.7
Suricata-ids Suricata 2.0.8 cpe:/a:suricata-ids:suricata:2.0.8
Suricata-ids Suricata 2.0.9 cpe:/a:suricata-ids:suricata:2.0.9
Suricata-ids Suricata 2.0.10 cpe:/a:suricata-ids:suricata:2.0.10
Suricata-ids Suricata 2.0.11 cpe:/a:suricata-ids:suricata:2.0.11
Suricata-ids Suricata 2.1 cpe:/a:suricata-ids:suricata:2.1:b1
Suricata-ids Suricata 2.1 cpe:/a:suricata-ids:suricata:2.1:b2
Suricata-ids Suricata 2.1 cpe:/a:suricata-ids:suricata:2.1:b3
Suricata-ids Suricata 2.1 cpe:/a:suricata-ids:suricata:2.1:b4
Suricata-ids Suricata 3.0 cpe:/a:suricata-ids:suricata:3.0
Suricata-ids Suricata 3.0 cpe:/a:suricata-ids:suricata:3.0:rc1
Suricata-ids Suricata 3.0 cpe:/a:suricata-ids:suricata:3.0:rc2
Suricata-ids Suricata 3.0 cpe:/a:suricata-ids:suricata:3.0:rc3
Suricata-ids Suricata 3.0.1 cpe:/a:suricata-ids:suricata:3.0.1
Suricata-ids Suricata 3.0.1 cpe:/a:suricata-ids:suricata:3.0.1:rc1
Suricata-ids Suricata 3.0.2 cpe:/a:suricata-ids:suricata:3.0.2
Suricata-ids Suricata 3.1 cpe:/a:suricata-ids:suricata:3.1
Suricata-ids Suricata 3.1 cpe:/a:suricata-ids:suricata:3.1:rc1
Suricata-ids Suricata 3.1.1 cpe:/a:suricata-ids:suricata:3.1.1
Suricata-ids Suricata 3.1.2 cpe:/a:suricata-ids:suricata:3.1.2
Suricata-ids Suricata 3.1.3 cpe:/a:suricata-ids:suricata:3.1.3
Suricata-ids Suricata 3.1.4 cpe:/a:suricata-ids:suricata:3.1.4
Suricata-ids Suricata 3.2 cpe:/a:suricata-ids:suricata:3.2
Suricata-ids Suricata 3.2 cpe:/a:suricata-ids:suricata:3.2:b1
Suricata-ids Suricata 3.2 cpe:/a:suricata-ids:suricata:3.2:rc1
Suricata-ids Suricata 3.2.1 cpe:/a:suricata-ids:suricata:3.2.1
Suricata-ids Suricata 3.2.2 cpe:/a:suricata-ids:suricata:3.2.2
Suricata-ids Suricata 3.2.3 cpe:/a:suricata-ids:suricata:3.2.3
Suricata-ids Suricata 3.2.4 cpe:/a:suricata-ids:suricata:3.2.4
Suricata-ids Suricata 3.2.5 cpe:/a:suricata-ids:suricata:3.2.5
Suricata-ids Suricata 4.0.0 cpe:/a:suricata-ids:suricata:4.0.0
Suricata-ids Suricata 4.0.0 cpe:/a:suricata-ids:suricata:4.0.0:b1
Suricata-ids Suricata 4.0.0 cpe:/a:suricata-ids:suricata:4.0.0:rc1
Suricata-ids Suricata 4.0.0 cpe:/a:suricata-ids:suricata:4.0.0:rc2
Suricata-ids Suricata 4.0.1 cpe:/a:suricata-ids:suricata:4.0.1
Suricata-ids Suricata 4.0.2 cpe:/a:suricata-ids:suricata:4.0.2
Suricata-ids Suricata 4.0.3 cpe:/a:suricata-ids:suricata:4.0.3
Debian Debian Linux 8.0 cpe:/o:debian:debian_linux:8.0

CWE

CWE-693 (Protection Mechanism Failure): The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

History of changes

Date Event
2019-03-01 23:33
2018-12-05 11:29
2018-06-14 01:29
2018-06-07 13:21
2018-03-13 16:35
2018-03-08 02:29
2018-02-07 05:29 New CVE