CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-8954

The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.019

EPSS Ranking 82.2%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2015-8954

Openinfosecfoundation » Suricata » Version: 0.8.2

cpe:2.3:a:openinfosecfoundation:suricata:0.8.2
Openinfosecfoundation » Suricata » Version: 1.0.0

cpe:2.3:a:openinfosecfoundation:suricata:1.0.0
Openinfosecfoundation » Suricata » Version: 1.0.1

cpe:2.3:a:openinfosecfoundation:suricata:1.0.1
Openinfosecfoundation » Suricata » Version: 1.0.2

cpe:2.3:a:openinfosecfoundation:suricata:1.0.2
Openinfosecfoundation » Suricata » Version: 1.0.3

cpe:2.3:a:openinfosecfoundation:suricata:1.0.3
Openinfosecfoundation » Suricata » Version: 1.0.4

cpe:2.3:a:openinfosecfoundation:suricata:1.0.4
Openinfosecfoundation » Suricata » Version: 1.0.5

cpe:2.3:a:openinfosecfoundation:suricata:1.0.5
Openinfosecfoundation » Suricata » Version: 1.1

cpe:2.3:a:openinfosecfoundation:suricata:1.1
Openinfosecfoundation » Suricata » Version: 1.1.1

cpe:2.3:a:openinfosecfoundation:suricata:1.1.1
Openinfosecfoundation » Suricata » Version: 1.2

cpe:2.3:a:openinfosecfoundation:suricata:1.2
Openinfosecfoundation » Suricata » Version: 1.2.1

cpe:2.3:a:openinfosecfoundation:suricata:1.2.1
Openinfosecfoundation » Suricata » Version: 1.3

cpe:2.3:a:openinfosecfoundation:suricata:1.3
Openinfosecfoundation » Suricata » Version: 1.3.1

cpe:2.3:a:openinfosecfoundation:suricata:1.3.1
Openinfosecfoundation » Suricata » Version: 1.3.2

cpe:2.3:a:openinfosecfoundation:suricata:1.3.2
Openinfosecfoundation » Suricata » Version: 1.3.3

cpe:2.3:a:openinfosecfoundation:suricata:1.3.3
Openinfosecfoundation » Suricata » Version: 1.3.4

cpe:2.3:a:openinfosecfoundation:suricata:1.3.4
Openinfosecfoundation » Suricata » Version: 1.3.5

cpe:2.3:a:openinfosecfoundation:suricata:1.3.5
Openinfosecfoundation » Suricata » Version: 1.3.6

cpe:2.3:a:openinfosecfoundation:suricata:1.3.6
Openinfosecfoundation » Suricata » Version: 1.4

cpe:2.3:a:openinfosecfoundation:suricata:1.4
Openinfosecfoundation » Suricata » Version: 1.4.1

cpe:2.3:a:openinfosecfoundation:suricata:1.4.1
Openinfosecfoundation » Suricata » Version: 1.4.2

cpe:2.3:a:openinfosecfoundation:suricata:1.4.2
Openinfosecfoundation » Suricata » Version: 1.4.3

cpe:2.3:a:openinfosecfoundation:suricata:1.4.3
Openinfosecfoundation » Suricata » Version: 1.4.4

cpe:2.3:a:openinfosecfoundation:suricata:1.4.4
Openinfosecfoundation » Suricata » Version: 1.4.5

cpe:2.3:a:openinfosecfoundation:suricata:1.4.5
Openinfosecfoundation » Suricata » Version: 1.4.6

cpe:2.3:a:openinfosecfoundation:suricata:1.4.6
Openinfosecfoundation » Suricata » Version: 1.4.7

cpe:2.3:a:openinfosecfoundation:suricata:1.4.7
Openinfosecfoundation » Suricata » Version: 2.0

cpe:2.3:a:openinfosecfoundation:suricata:2.0
Openinfosecfoundation » Suricata » Version: 2.0.1

cpe:2.3:a:openinfosecfoundation:suricata:2.0.1
Openinfosecfoundation » Suricata » Version: 2.0.2

cpe:2.3:a:openinfosecfoundation:suricata:2.0.2
Openinfosecfoundation » Suricata » Version: 2.0.3

cpe:2.3:a:openinfosecfoundation:suricata:2.0.3
Openinfosecfoundation » Suricata » Version: 2.0.4

cpe:2.3:a:openinfosecfoundation:suricata:2.0.4
Openinfosecfoundation » Suricata » Version: 2.0.5

cpe:2.3:a:openinfosecfoundation:suricata:2.0.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-8954

Products

Pricing

Contact Us