{ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6794", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as usual." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/OISF/suricata/pull/3202/commits/e1ef57c848bbe4e567d5d4b66d346a742e3f77a1", "refsource": "CONFIRM", "url": "https://github.com/OISF/suricata/pull/3202/commits/e1ef57c848bbe4e567d5d4b66d346a742e3f77a1" }, { "name": "[debian-lts-announce] 20181204 [SECURITY] [DLA 1603-1] suricata security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00000.html" }, { "name": "https://redmine.openinfosecfoundation.org/issues/2427", "refsource": "CONFIRM", "url": "https://redmine.openinfosecfoundation.org/issues/2427" }, { "name": "https://suricata-ids.org/2018/02/14/suricata-4-0-4-available/", "refsource": "CONFIRM", "url": "https://suricata-ids.org/2018/02/14/suricata-4-0-4-available/" }, { "name": "44247", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44247/" } ] } }