CVE-2019-17420
First published: Wed Oct 09 2019(Updated: )
In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OISF LibHTP | <0.5.31 | |
| Suricata-ids Suricata | =4.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-17420?
CVE-2019-17420 is a vulnerability in OISF LibHTP before version 0.5.31, as used in Suricata 4.1.4 and other products, that causes an HTTP protocol parsing error.
How does CVE-2019-17420 affect Suricata?
CVE-2019-17420 affects Suricata 4.1.4, causing the http_header signature to not alert on a response with a single \r\n ending.
What is the severity of CVE-2019-17420?
The severity of CVE-2019-17420 is medium with a CVSS score of 5.3.
How do I fix CVE-2019-17420 in OISF LibHTP and Suricata?
To fix CVE-2019-17420, update OISF LibHTP to version 0.5.31 and update Suricata to version 4.1.5 or later.
What is the CWE classification of CVE-2019-17420?
CVE-2019-17420 is classified under CWE-459 (Use of Inconsistent Cryptography).
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/oisf
- canonical/oisf libhtp
- vendor/suricata-ids
- canonical/suricata-ids suricata
- version/suricata-ids suricata/4.1.4