Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Security)  >   Cisco Snort Vendors:
Snort Lets Remote Users Bypass 'uricontent' Rules
SecurityTracker Alert ID:  1016191
SecurityTracker URL:
CVE Reference:   CVE-2006-2769   (Links to External Site)
Updated:  Jun 6 2006
Original Entry Date:  May 31 2006
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2.4.4 and prior versions
Description:   A vulnerability was reported in Snort. A remote user can bypass 'uricontent' rules to evade detection.

A remote user can send a specially crafted URL that is appended with a carriage return (directly before the HTTP protocol declaration) to bypass detection of "uricontent" rules.

Thousands of rules in the standard Snort base rule sets are affected.

This vulnerability is being actively exploited.

Blake Hartstein of the Demarc Threat Research Team discovered this vulnerability.

The original advisory is available at:

Impact:   A remote user can bypass 'uricontent' rules to evade detection.
Solution:   The vendor has issued fixed versions (2.4.5 and 2.6.0).
Vendor URL: (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC