The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass uricontent rules via a carriage return (r) after the URL and before the HTTP declaration.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Snort | Sourcefire | 2.4 (including) | 2.4 (including) |
Snort | Sourcefire | 2.4.1 (including) | 2.4.1 (including) |
Snort | Sourcefire | 2.4.2 (including) | 2.4.2 (including) |
Snort | Sourcefire | 2.4.3 (including) | 2.4.3 (including) |
Snort | Sourcefire | 2.4.4 (including) | 2.4.4 (including) |