Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-45098

Опубликовано: 16 дек. 2021
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 7.5

Описание

An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. After the three-way handshake, it's possible to inject an RST ACK with a random TCP md5header option. Then, the client can send an HTTP GET request with a forbidden URL. The server will ignore the RST ACK and send the response HTTP packet for the client's request. These packets will not trigger a Suricata reject action.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

not-affected

1:6.0.4-3
esm-apps/bionic

needs-triage

esm-apps/jammy

not-affected

1:6.0.4-3
esm-apps/noble

not-affected

1:6.0.4-3
esm-apps/xenial

needs-triage

jammy

not-affected

1:6.0.4-3
kinetic

not-affected

1:6.0.4-3
lunar

not-affected

1:6.0.4-3
mantic

not-affected

1:6.0.4-3

Показывать по

Ссылки на источники

EPSS

Процентиль: 70%
0.00646
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2021-45098

CVSS3: 7.5
nvd
около 4 лет назад

An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. After the three-way handshake, it's possible to inject an RST ACK with a random TCP md5header option. Then, the client can send an HTTP GET request with a forbidden URL. The server will ignore the RST ACK and send the response HTTP packet for the client's request. These packets will not trigger a Suricata reject action.

debian логотип

CVE-2021-45098

CVSS3: 7.5
debian
около 4 лет назад

An issue was discovered in Suricata before 6.0.4. It is possible to by ...

github логотип

GHSA-cfcf-x7x2-gpf8

CVSS3: 7.5
github
около 4 лет назад

An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. After the three-way handshake, it's possible to inject an RST ACK with a random TCP md5header option. Then, the client can send an HTTP GET request with a forbidden URL. The server will ignore the RST ACK and send the response HTTP packet for the client's request. These packets will not trigger a Suricata reject action.

fstec логотип

BDU:2023-06804

CVSS3: 7.5
fstec
больше 4 лет назад

Уязвимость системы обнаружения и предотвращения вторжений Suricata, связанная с недостаточной проверкой хэш-функции, позволяющая нарушителю реализовать атаку TCP Reset

EPSS

Процентиль: 70%
0.00646
Низкий

5 Medium

CVSS2

7.5 High

CVSS3