Skip to main content

Suricata CVE-2018-6794

MEDIUM
Protection Mechanism Failure (CWE-693)
2018-02-07 cve@mitre.org
5.3
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 07, 2018 - 05:29 nvd
MEDIUM 5.3

DescriptionNVD

Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as usual.

AnalysisAI

Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-693. Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as usual. Affected products include: Suricata-Ids Suricata, Debian Debian Linux. Version information: before 4.0.4.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2018-1000167 HIGH POC
7.8 Apr 18

OISF suricata-update version 1.0.0a1 contains an Insecure Deserialization vulnerability in the insecure yaml.load-Functi

CVE-2025-59150 HIGH POC
7.5 Oct 01

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suric

CVE-2021-45098 HIGH POC
7.5 Dec 16

An issue was discovered in Suricata before 6.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploit

CVE-2019-10056 HIGH POC
7.5 Aug 28

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, n

CVE-2019-10055 HIGH POC
7.5 Aug 28

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, n

CVE-2019-10054 HIGH POC
7.5 Aug 28

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, n

CVE-2019-10052 HIGH POC
7.5 Aug 28

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, n

CVE-2019-10051 HIGH POC
7.5 Aug 28

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, n

CVE-2019-1010279 HIGH POC
7.5 Jul 18

Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detect

CVE-2018-14568 HIGH POC
7.5 Jul 23

Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. Rated high severity (CVSS 7.5), this vul

CVE-2015-8954 CRITICAL
9.8 Mar 20

The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might a

CVE-2023-35853 CRITICAL
9.8 Jun 19

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. Ra

Share

CVE-2018-6794 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy