CVE-2018-6794 — MEDIUM (5.3)

Q: How severe is CVE-2018-6794?

CVE-2018-6794 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-6794?

Check the references section above for vendor advisories and patch information. Affected products include: Suricata-Ids Suricata, Debian Debian Linux.

Vulnerability Description

Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as usual.

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Suricata-Ids	Suricata	< 4.0.4
Debian	Debian Linux	8.0

Related Weaknesses (CWE)

CWE-693

References

https://github.com/OISF/suricata/pull/3202/commits/e1ef57c848bbe4e567d5d4b66d346PatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2018/12/msg00000.htmlMailing ListThird Party Advisory
https://redmine.openinfosecfoundation.org/issues/2427Third Party Advisory
https://suricata-ids.org/2018/02/14/suricata-4-0-4-available/Vendor Advisory
https://www.exploit-db.com/exploits/44247/ExploitThird Party AdvisoryVDB Entry
https://github.com/OISF/suricata/pull/3202/commits/e1ef57c848bbe4e567d5d4b66d346PatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2018/12/msg00000.htmlMailing ListThird Party Advisory
https://redmine.openinfosecfoundation.org/issues/2427Third Party Advisory
https://suricata-ids.org/2018/02/14/suricata-4-0-4-available/Vendor Advisory
https://www.exploit-db.com/exploits/44247/ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2018-6794?

CVE-2018-6794 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is compl...

How severe is CVE-2018-6794?

CVE-2018-6794 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-6794?

Check the references section above for vendor advisories and patch information. Affected products include: Suricata-Ids Suricata, Debian Debian Linux.