OpenCVE

The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass "uricontent" rules via a carriage return (\r) after the URL and before the HTTP declaration.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sourcefire	Snort

Configuration 1 [-]

OR	cpe:2.3:a:sourcefire:snort:2.4:::::::*
	cpe:2.3:a:sourcefire:snort:2.4.1:::::::*
	cpe:2.3:a:sourcefire:snort:2.4.2:::::::*
	cpe:2.3:a:sourcefire:snort:2.4.3:::::::*
	cpe:2.3:a:sourcefire:snort:2.4.4:::::::*

No data.

References

Link	Providers
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html
http://marc.info/?l=snort-devel&m=114909074311462&w=2
http://secunia.com/advisories/20413
http://secunia.com/advisories/20766
http://securityreason.com/securityalert/1018
http://securitytracker.com/id?1016191
http://www.demarc.com/support/downloads/patch_20060531
http://www.osvdb.org/25837
http://www.securityfocus.com/archive/1/435600/100/0/threaded
http://www.securityfocus.com/archive/1/435734/100/0/threaded
http://www.securityfocus.com/archive/1/435797/100/0/threaded
http://www.securityfocus.com/archive/1/435872/100/0/threaded
http://www.securityfocus.com/bid/18200
http://www.snort.org/pub-bin/snortnews.cgi#431
http://www.vupen.com/english/advisories/2006/2119
https://exchange.xforce.ibmcloud.com/vulnerabilities/26855

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-06-02T10:00:00

Updated: 2024-08-07T17:58:52.058Z

Reserved: 2006-06-01T00:00:00

Link: CVE-2006-2769

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-06-02T10:18:00.000

Modified: 2018-10-18T16:41:46.087

Link: CVE-2006-2769

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-05-31T00:00:00", "descriptions": [{"lang": "en", "value": "The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass \"uricontent\" rules via a carriage return (\\r) after the URL and before the HTTP declaration."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060603 Re: New Snort Bypass - Patch - Bypass of Patch", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/435872/100/0/threaded"}, {"name": "20060602 New Snort Bypass - Patch - Bypass of Patch", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/435734/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.demarc.com/support/downloads/patch_20060531"}, {"name": "20766", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20766"}, {"name": "18200", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18200"}, {"name": "20413", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20413"}, {"name": "20060601 Snort HTTP Inspect Pre-Processor Uricontent Bypass", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/435600/100/0/threaded"}, {"name": "ADV-2006-2119", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2119"}, {"name": "1018", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1018"}, {"name": "snort-uricontent-rule-bypass(26855)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26855"}, {"name": "25837", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/25837"}, {"name": "SUSE-SR:2006:014", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html"}, {"name": "1016191", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016191"}, {"name": "[Snort-devel] 20060531 Snort Uricontent Bypass Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=snort-devel&m=114909074311462&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.snort.org/pub-bin/snortnews.cgi#431"}, {"name": "20060602 Re: New Snort Bypass - Patch - Bypass of Patch", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/435797/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2769", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass \"uricontent\" rules via a carriage return (\\r) after the URL and before the HTTP declaration."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060603 Re: New Snort Bypass - Patch - Bypass of Patch", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/435872/100/0/threaded"}, {"name": "20060602 New Snort Bypass - Patch - Bypass of Patch", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/435734/100/0/threaded"}, {"name": "http://www.demarc.com/support/downloads/patch_20060531", "refsource": "MISC", "url": "http://www.demarc.com/support/downloads/patch_20060531"}, {"name": "20766", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20766"}, {"name": "18200", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18200"}, {"name": "20413", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20413"}, {"name": "20060601 Snort HTTP Inspect Pre-Processor Uricontent Bypass", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/435600/100/0/threaded"}, {"name": "ADV-2006-2119", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2119"}, {"name": "1018", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1018"}, {"name": "snort-uricontent-rule-bypass(26855)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26855"}, {"name": "25837", "refsource": "OSVDB", "url": "http://www.osvdb.org/25837"}, {"name": "SUSE-SR:2006:014", "refsource": "SUSE", "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html"}, {"name": "1016191", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016191"}, {"name": "[Snort-devel] 20060531 Snort Uricontent Bypass Vulnerability", "refsource": "MLIST", "url": "http://marc.info/?l=snort-devel&m=114909074311462&w=2"}, {"name": "http://www.snort.org/pub-bin/snortnews.cgi#431", "refsource": "CONFIRM", "url": "http://www.snort.org/pub-bin/snortnews.cgi#431"}, {"name": "20060602 Re: New Snort Bypass - Patch - Bypass of Patch", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/435797/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:58:52.058Z"}, "title": "CVE Program Container", "references": [{"name": "20060603 Re: New Snort Bypass - Patch - Bypass of Patch", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/435872/100/0/threaded"}, {"name": "20060602 New Snort Bypass - Patch - Bypass of Patch", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/435734/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.demarc.com/support/downloads/patch_20060531"}, {"name": "20766", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20766"}, {"name": "18200", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/18200"}, {"name": "20413", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20413"}, {"name": "20060601 Snort HTTP Inspect Pre-Processor Uricontent Bypass", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/435600/100/0/threaded"}, {"name": "ADV-2006-2119", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2119"}, {"name": "1018", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1018"}, {"name": "snort-uricontent-rule-bypass(26855)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26855"}, {"name": "25837", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/25837"}, {"name": "SUSE-SR:2006:014", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html"}, {"name": "1016191", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016191"}, {"name": "[Snort-devel] 20060531 Snort Uricontent Bypass Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=snort-devel&m=114909074311462&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.snort.org/pub-bin/snortnews.cgi#431"}, {"name": "20060602 Re: New Snort Bypass - Patch - Bypass of Patch", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/435797/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2769", "datePublished": "2006-06-02T10:00:00", "dateReserved": "2006-06-01T00:00:00", "dateUpdated": "2024-08-07T17:58:52.058Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sourcefire:snort:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "CAB10D25-F039-498D-880B-ACA29AF2E990", "vulnerable": true}, {"criteria": "cpe:2.3:a:sourcefire:snort:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "78C4A2D0-E47D-419B-98F2-8FB14A097DC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sourcefire:snort:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "07636BAF-C6CE-4452-B0BF-3A032D53B2C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sourcefire:snort:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "660AF80B-1512-4CD0-89B2-93658C0A12B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sourcefire:snort:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "9A4A28FF-1E4F-42D0-8EA8-B23CDCDE6780", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass \"uricontent\" rules via a carriage return (\\r) after the URL and before the HTTP declaration."}, {"lang": "es", "value": "El preprocesador HTTP Inspect (http_inspect) en Snort 2.4.0 hasta la versi\u00f3n 2.4.4 permite a atacantes remotos eludir reglas \"uricontent\" a trav\u00e9s de un retorno de carro (\\r) despu\u00e9s de la URL y antes de la declaraci\u00f3n HTTP."}], "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nSnort, 2.4.4 source with uricontent patch", "id": "CVE-2006-2769", "lastModified": "2018-10-18T16:41:46.087", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-06-02T10:18:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=snort-devel&m=114909074311462&w=2"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20413"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20766"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1018"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://securitytracker.com/id?1016191"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.demarc.com/support/downloads/patch_20060531"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.osvdb.org/25837"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/435600/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/435734/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/435797/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/435872/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/18200"}, {"source": "cve@mitre.org", "url": "http://www.snort.org/pub-bin/snortnews.cgi#431"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2119"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26855"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}