CVE-2015-8954

CVE-2015-8954

EPSS 3.3%

The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777523 https://redmine.openinfosecfoundation.org/issues/1364 https://suricata-ids.org/2015/01/15/suricata-2-0-6-available/