Project

General

Profile

Actions

Bug #1391

closed

http uri parsing issue

Added by Victor Julien about 9 years ago. Updated about 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

This is technically a libhtp issue, but it affects Suricata detection and logging. Certain characters in the URI could confuse the parsing of the HTTP request line, leading to possible detection bypass for 'http_uri' and to incomplete logging of the URI. Libhtp 0.5.17 has been released to address this and is bundled in 2.0.7.

This issue was reported by Darien Huss of Emerging Threats.

Actions #1

Updated by Victor Julien about 9 years ago

  • Description updated (diff)
  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100
Actions #2

Updated by Victor Julien about 9 years ago

Workaround: none.

However, libhtp can be updated independently of Suricata. So updating libhtp to 0.5.17 will address this issue.

Actions

Also available in: Atom PDF