Bug #1391
Closed
http uri parsing issue
Description
This is technically a libhtp issue, but it affects Suricata detection and logging. Certain characters in the URI could confuse the parsing of the HTTP request line, leading to possible detection bypass for 'http_uri' and to incomplete logging of the URI. Libhtp 0.5.17 has been released to address this and is bundled in 2.0.7.
This issue was reported by Darien Huss of Emerging Threats.
Updated by Victor Julien almost 10 years ago
- Description updated (diff)
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
Updated by Victor Julien almost 10 years ago
Workaround: none.
However, libhtp can be updated independently of Suricata. So updating libhtp to 0.5.17 will address this issue.