Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-6794: Protection Mechanism Failure in Suricata

Severity
5.3 MEDIUM (NVD)
EPSS
37.4%
top 2.81%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Feb 7
Latest update: May 14

Description

Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

Debian oisf/suricata < 1:4.0.4-1+3

Also affects: Debian Linux 8.0

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-wfvj-pf5x-3547: Suricata before 4 (2022-05-14)
CVEList
CVE-2018-6794: Suricata before 4 (2018-02-07)
OSV
CVE-2018-6794: Suricata before 4 (2018-02-07)

💥 Exploits & PoCs (1)

Exploit-DB
Suricata < 4.0.4 - IDS Detection Bypass (2018-03-05)

📋 Vendor Advisories (1)

Debian
CVE-2018-6794: suricata - Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in dete... (2018)

💬 Community (3)

Bugzilla
CVE-2018-6794 suricata: HTTP detection bypass in detect.c and stream-tcp.c (2018-02-08)
Bugzilla
CVE-2018-6794 suricata: HTTP detection bypass in detect.c and stream-tcp.c [epel-all] (2018-02-08)
Bugzilla
CVE-2018-6794 suricata: HTTP detection bypass in detect.c and stream-tcp.c [fedora-all] (2018-02-08)
CVE-2018-6794 — Protection Mechanism Failure | cvebase