Project

General

Profile

Actions

Bug #1391

closed

http uri parsing issue

Added by Victor Julien over 9 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

This is technically a libhtp issue, but it affects Suricata detection and logging. Certain characters in the URI could confuse the parsing of the HTTP request line, leading to possible detection bypass for 'http_uri' and to incomplete logging of the URI. Libhtp 0.5.17 has been released to address this and is bundled in 2.0.7.

This issue was reported by Darien Huss of Emerging Threats.

Actions

Also available in: Atom PDF