Candidate: CVE-2018-6794
PublicDate: 2018-02-07 05:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6794
 https://redmine.openinfosecfoundation.org/issues/2427
 https://github.com/OISF/suricata/pull/3202/commits/e1ef57c848bbe4e567d5d4b66d346a742e3f77a1
Description:
 Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in
 detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow
 and sends data before the 3-way handshake is complete, then the data sent
 by the malicious server will be accepted by web clients such as a web
 browser or Linux CLI utilities, but ignored by Suricata IDS signatures.
 This mostly affects IDS signatures for the HTTP protocol and TCP stream
 content; signatures for TCP packets will inspect such network traffic as
 usual.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N [5.3 MEDIUM]

Patches_suricata:
upstream_suricata: released (1:4.0.5-1)
precise/esm_suricata: DNE
trusty_suricata: ignored (reached end-of-life)
trusty/esm_suricata: DNE (trusty was needs-triage)
xenial_suricata: ignored (end of standard support, was needed)
artful_suricata: ignored (reached end-of-life)
bionic_suricata: needed
cosmic_suricata: ignored (reached end-of-life)
disco_suricata: ignored (reached end-of-life)
eoan_suricata: ignored (reached end-of-life)
focal_suricata: DNE
groovy_suricata: DNE
hirsute_suricata: DNE
impish_suricata: DNE
jammy_suricata: not-affected (1:4.0.5-1)
devel_suricata: not-affected (1:4.0.5-1)