Project

General

Profile

Bug #1364

evasion issues

Added by Victor Julien almost 5 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
High
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

A logic error in MemcmpLowercase excluded the first byte from the compare. This can lead to FN/FP issues for all users of this function.

Affected:
  • HTTP multipart parsing might get confused, so file matching and extraction can fail
  • http_header keyword won't inspect specific headers:
  • with name Xookie (where X can be any byte but 'c'/'C')
  • with name Xet-cookie (where X can be any byte but 's'/'S')
  • fileext keyword can be bypassed
  • FTP 'ftpbounce' keyword may be bypassed

History

#1

Updated by Victor Julien almost 5 years ago

  • Description updated (diff)
  • % Done changed from 0 to 100
#2

Updated by Victor Julien almost 5 years ago

  • Description updated (diff)
#3

Updated by Victor Julien almost 5 years ago

  • Status changed from Assigned to Closed
#4

Updated by Henri Salo about 3 years ago

CVE-2015-8954 has been assigned to this issue.

Also available in: Atom PDF