{"id":"CVE-2018-6794","details":"Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as usual.","modified":"2026-05-18T05:51:45.160834614Z","published":"2018-02-07T05:29:00.260Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"8.0"}],"vendor_product":"debian:debian_linux","source":"CPE_FIELD","cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"]}]},"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/12/msg00000.html"},{"type":"ADVISORY","url":"https://redmine.openinfosecfoundation.org/issues/2427"},{"type":"ADVISORY","url":"https://suricata-ids.org/2018/02/14/suricata-4-0-4-available/"},{"type":"FIX","url":"https://github.com/OISF/suricata/pull/3202/commits/e1ef57c848bbe4e567d5d4b66d346a742e3f77a1"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/44247/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/oisf/suricata","events":[{"introduced":"0"},{"fixed":"2eadd77e1036f5d6a99acc8e12c237b9cc7093be"}],"database_specific":{"cpe":"cpe:2.3:a:suricata-ids:suricata:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"4.0.4"}],"source":"CPE_FIELD"}}],"versions":["suricata-4.0.3","suricata-4.0.2","suricata-4.0.1","suricata-4.0.0","suricata-4.0.0-rc2","suricata-4.0.0-rc1","suricata-4.0.0-beta1","suricata-3.2.1","suricata-3.2","suricata-3.2RC1","suricata-3.2beta1","suricata-3.1.2","suricata-3.1.1","suricata-3.1","suricata-3.0.1","suricata-3.1RC1","suricata-3.0.1RC1","suricata-3.0","suricata-3.0RC3","suricata-3.0RC2","suricata-3.0RC1","suricata-2.1beta4","suricata-2.1beta3","suricata-2.1beta2","suricata-2.1beta1","suricata-2.0.2","suricata-2.0.1","suricata-2.0.1rc1","suricata-2.0","suricata-2.0rc3","suricata-2.0rc2","suricata-2.0rc1","suricata-2.0beta2","suricata-2.0beta1","suricata-1.4","suricata-1.4rc1","suricata-1.4beta3","suricata-1.4beta2","suricata-1.4beta1","suricata-1.3.1","suricata-1.3","suricata-1.3rc1","suricata-1.3beta2","suricata-1.3beta1","suricata-1.2.1","suricata-1.2","suricata-1.2rc1","suricata-1.2beta1","suricata-1.1","suricata-1.1rc1","suricata-1.1beta3","suricata-1.1beta2","suricata-1.1beta1","suricata-1.0.2","suricata-1.0.1","suricata-1.0.0","suricata-0.8.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-6794.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}