CVE-2006-2769 | Vulnerability Database | Aqua Security

The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass uricontent rules via a carriage return (r) after the URL and before the HTTP declaration.

Affected Software

Name	Vendor	Start Version	End Version
Snort	Sourcefire	2.4 (including)	2.4 (including)
Snort	Sourcefire	2.4.1 (including)	2.4.1 (including)
Snort	Sourcefire	2.4.2 (including)	2.4.2 (including)
Snort	Sourcefire	2.4.3 (including)	2.4.3 (including)
Snort	Sourcefire	2.4.4 (including)	2.4.4 (including)

References

http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html
http://marc.info/?l=snort-devel\u0026m=114909074311462\u0026w=2
http://secunia.com/advisories/20413
http://secunia.com/advisories/20766
http://securityreason.com/securityalert/1018
http://securitytracker.com/id?1016191
http://www.demarc.com/support/downloads/patch_20060531
http://www.osvdb.org/25837
http://www.securityfocus.com/archive/1/435600/100/0/threaded
http://www.securityfocus.com/archive/1/435734/100/0/threaded
http://www.securityfocus.com/archive/1/435797/100/0/threaded
http://www.securityfocus.com/archive/1/435872/100/0/threaded
http://www.securityfocus.com/bid/18200
http://www.snort.org/pub-bin/snortnews.cgi#431
http://www.vupen.com/english/advisories/2006/2119
https://exchange.xforce.ibmcloud.com/vulnerabilities/26855

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-2769
CWE	https://cwe.mitre.org/data/definitions/264.html