admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-06-07 13:36:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2018/CVE-2018-6794.md
0xMarcio 48a00929ac Removed duplicates
2024-06-18 02:51:15 +02:00

22 lines
1.1 KiB
Markdown
Raw Blame History

### [CVE-2018-6794](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6794)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as usual.
### POC
#### Reference
- https://www.exploit-db.com/exploits/44247/
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/kirillwow/ids_bypass
- https://github.com/lnick2023/nicenice
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
Reference in New Issue View Git Blame Copy Permalink