Description
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, various inefficiencies in XFF handling, especially for alerts not triggered in a transaction (tx), can lead to severe slowdowns. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, disable XFF support in the eve configuration. The setting is disabled by default.
A flaw was found in Suricata, a network Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and Network Security Monitoring (NSM) engine. Various inefficiencies in its X-Forwarded-For (XFF) handling, particularly for alerts not triggered in a transaction, can lead to severe slowdowns. This vulnerability could allow a remote attacker to cause a Denial of Service by sending specially crafted network traffic.
Statement
This is a LOW impact denial of service vulnerability in Suricata's XFF handling. Red Hat products shipping Suricata are not affected by default, as XFF support is disabled by default in the eve configuration. Exploitation would require an administrator to explicitly enable XFF support.
Mitigation
To mitigate this issue, ensure that XFF support is disabled in the Suricata eve configuration. This setting is disabled by default, so no action is required unless it has been explicitly enabled. If XFF support has been enabled, it can be disabled in the Suricata configuration file. A service restart may be required for changes to take effect.
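One way to check whether XFF has been explicitly enabled is the audit script below. It is an added example, not part of the advisory or of Suricata. It assumes the layout of a stock suricata.yaml, where an `xff:` block sits under `eve-log` or under an individual event type; it scans by indentation rather than fully parsing YAML, does not follow `include:` files, and the sample configuration is constructed.

```python
import re
import sys

# Values Suricata's configuration parser treats as boolean true.
TRUE_VALUES = {"1", "yes", "true", "on"}
KEY_RE = re.compile(r"^\s*(?:-\s+)?([\w.-]+):\s*(.*)$")

def find_enabled_xff(yaml_text):
    """Return [(line_no, parent_path)] for each `xff:` block with `enabled` set true."""
    hits, stack, xff = [], [], None   # stack holds (indent, key) of open mappings
    for no, raw in enumerate(yaml_text.splitlines(), 1):
        line = raw.split(" #", 1)[0].rstrip()          # drop trailing comments
        if not line.strip() or line.lstrip().startswith(("#", "%", "---")):
            continue
        m = KEY_RE.match(line)
        if not m:
            continue
        indent = len(line) - len(line.lstrip())
        key, value = m.group(1), m.group(2).strip().strip("\"'")
        if xff and indent <= xff[0]:
            xff = None                                 # left the xff block
        while stack and stack[-1][0] >= indent:
            stack.pop()
        if key == "xff" and value == "":
            xff = (indent, no, ".".join(k for _, k in stack))
        elif xff and key == "enabled" and value.lower() in TRUE_VALUES:
            hits.append((xff[1], xff[2]))
        if value == "":
            stack.append((indent, key))
    return hits

# Constructed sample: XFF enabled at the eve-log level, disabled for alerts.
SAMPLE = """\
%YAML 1.1
---
outputs:
  - eve-log:
      enabled: yes
      filetype: regular
      xff:
        enabled: yes
        mode: extra-data
        deployment: reverse
        header: X-Forwarded-For
      types:
        - alert:
            xff:
              enabled: no
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for line_no, path in find_enabled_xff(text):
        print(f"XFF enabled at line {line_no} under {path}: set 'enabled: no'")
```

Run it with the path to the configuration file as the only argument; any reported block should be set to `enabled: no` on versions before 8.0.3 and 7.0.14.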
Additional information
Status:
EPSS
3.7 Low
CVSS3
Related vulnerabilities
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, various inefficiencies in XFF handling, especially for alerts not triggered in a transaction (tx), can lead to severe slowdowns. Versions 8.0.3 and 7.0.14 contain a patch. As a workaround, disable XFF support in the eve configuration. The setting is disabled by default.
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 ...
A vulnerability in the Suricata intrusion detection and prevention system related to excessive CPU load, allowing an attacker to cause a denial of service