CVE-2015-8954

Опубликовано: 20 мар. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request.

Ссылки

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777523
Third Party Advisory
https://redmine.openinfosecfoundation.org/issues/1364
Third Party Advisory
https://suricata-ids.org/2015/01/15/suricata-2-0-6-available/
Release Notes
Vendor Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777523
Third Party Advisory
https://redmine.openinfosecfoundation.org/issues/1364
Third Party Advisory
https://suricata-ids.org/2015/01/15/suricata-2-0-6-available/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openinfosecfoundation:suricata:*:*:*:*:*:*:*:*

Версия до 2.0.5 (включая)

EPSS

Процентиль: 83%

0.01862

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2015-8954

CVSS3: 9.8

ubuntu

почти 9 лет назад

CVE-2015-8954

CVSS3: 9.8

debian

почти 9 лет назад

The MemcmpLowercase function in Suricata before 2.0.6 improperly exclu ...

GHSA-m68q-w483-4j98

CVSS3: 9.8

github

больше 3 лет назад

EPSS

Процентиль: 83%

0.01862

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-264