CVE-2018-6794

Description

Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as usual.

How to fix CVE-2018-6794

To remediate CVE-2018-6794, upgrade the affected package to a fixed version below.

—upgrade to 1:4.0.4-1 or later

Is CVE-2018-6794 being exploited?

Moderate — EPSS is 37.4%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

from 0, < 1:4.0.4-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2018-6794