Vulnerabilities > CVE-2019-17420 - Incomplete Cleanup vulnerability in multiple products

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

suricata-ids

oisf

CWE-459

NVD

Published: 2019-10-10

Updated: 2021-07-21

Summary

In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.

Vulnerable Configurations

Part	Description	Count
Application	Suricata-Ids Suricata IDS Suricata 4.1.4	1
Application	Oisf Oisf Libhtp 0.1 Oisf Libhtp 0.1.0 Oisf Libhtp 0.2.0 Oisf Libhtp 0.2.1 Oisf Libhtp 0.2.2 Oisf Libhtp 0.2.3 Oisf Libhtp 0.2.4 Oisf Libhtp 0.2.5 Oisf Libhtp 0.2.6 Oisf Libhtp 0.2.7 Oisf Libhtp 0.2.8 Oisf Libhtp 0.2.9 Oisf Libhtp 0.2.10 Oisf Libhtp 0.2.11 Oisf Libhtp 0.2.12 Oisf Libhtp 0.2.13 Oisf Libhtp 0.2.14 Oisf Libhtp 0.3.0 Oisf Libhtp 0.5.0 Oisf Libhtp 0.5.1 Oisf Libhtp 0.5.2 Oisf Libhtp 0.5.3 Oisf Libhtp 0.5.4 Oisf Libhtp 0.5.5 Oisf Libhtp 0.5.6 Oisf Libhtp 0.5.7 Oisf Libhtp 0.5.8 Oisf Libhtp 0.5.9 Oisf Libhtp 0.5.10 Oisf Libhtp 0.5.11 Oisf Libhtp 0.5.12 Oisf Libhtp 0.5.13 Oisf Libhtp 0.5.14 Oisf Libhtp 0.5.15 Oisf Libhtp 0.5.16 Oisf Libhtp 0.5.17 Oisf Libhtp 0.5.18 Oisf Libhtp 0.5.19 Oisf Libhtp 0.5.20 Oisf Libhtp 0.5.21 Oisf Libhtp 0.5.22 Oisf Libhtp 0.5.23 Oisf Libhtp 0.5.24 Oisf Libhtp 0.5.25 Oisf Libhtp 0.5.26 Oisf Libhtp 0.5.27 Oisf Libhtp 0.5.28 Oisf Libhtp 0.5.29 Oisf Libhtp 0.5.30	49

Common Weakness Enumeration (CWE)

CWE-459 - Incomplete Cleanup

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References