Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2769

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-2769
Last Modified 20 Jun 2011 12:00:00
Published 02 Jun 2006 06:18:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2769

Summary

The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass "uricontent" rules via a carriage return (\r) after the URL and before the HTTP declaration.

Vulnerable Systems

Application

  • Sourcefire Snort 2.4

  • Sourcefire Snort 2.4.1

  • Sourcefire Snort 2.4.2

  • Sourcefire Snort 2.4.3

  • Sourcefire Snort 2.4.4


References

BID - 18200

OSVDB - 25837

MISC - http://www.demarc.com/support/downloads/patch_20060531

SECTRACK - 1016191

MLIST - [Snort-devel] 20060531 Snort Uricontent Bypass Vulnerability

XF - snort-uricontent-rule-bypass(26855)

VUPEN - ADV-2006-2119

CONFIRM - http://www.snort.org/pub-bin/snortnews.cgi#431

BUGTRAQ - 20060603 Re: New Snort Bypass - Patch - Bypass of Patch

BUGTRAQ - 20060602 Re: New Snort Bypass - Patch - Bypass of Patch

BUGTRAQ - 20060602 New Snort Bypass - Patch - Bypass of Patch

BUGTRAQ - 20060601 Snort HTTP Inspect Pre-Processor Uricontent Bypass

SREASON - 1018

SECUNIA - 20766

SECUNIA - 20413

SUSE - SUSE-SR:2006:014


Last Updated: 27 May 2016 10:42:46