Lucene search

Veracode Vulnerability DatabaseVERACODE:45749

HistoryMar 04, 2024 - 1:47 p.m.

Improper Access Control

2024-03-0413:47:35

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

suricata

vulnerability

http2

headers

inspection

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6.7

Confidence

Low

EPSS

Percentile

15.5%

JSON

Suricata is vulnerable to Improper Access Control. The vulnerability is due to the way rules inspecting HTTP2 headers are implemented. An attacker can bypass these rules by splitting header frames.

References

github.com/OISF/suricata/commit/478a2a38f54e2ae235f8486bff87d7d66b6307f0

github.com/OISF/suricata/security/advisories/GHSA-gv29-5hqw-5h8c

lists.fedoraproject.org/archives/list/[email protected]/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/

lists.fedoraproject.org/archives/list/[email protected]/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/

redmine.openinfosecfoundation.org/issues/6717

security-tracker.debian.org/tracker/CVE-2024-24568

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

6.7

Confidence

Low

EPSS

Percentile

15.5%

JSON

Related for VERACODE:45749