The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request.
References
Link | Resource |
---|---|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777523 | Third Party Advisory |
https://redmine.openinfosecfoundation.org/issues/1364 | Third Party Advisory |
https://suricata-ids.org/2015/01/15/suricata-2-0-6-available/ | Release Notes Vendor Advisory |
Configurations
History
No history.
Information
Published : 2017-03-20 16:59
Updated : 2017-03-24 13:37
NVD link : CVE-2015-8954
Mitre link : CVE-2015-8954
CVE.ORG link : CVE-2015-8954
JSON object : View
Products Affected
openinfosecfoundation
- suricata
CWE
CWE-264
Permissions, Privileges, and Access Controls