← back
CVE-2015-8954

CVE-2015-8954

EPSS 3.3%
The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777523https://redmine.openinfosecfoundation.org/issues/1364https://suricata-ids.org/2015/01/15/suricata-2-0-6-available/