Project

General

Profile

Bug #1364

evasion issues

Added by Victor Julien over 2 years ago. Updated 9 months ago.

Status:
Closed
Priority:
High
Assignee:
Target version:
Start date:
01/15/2015
Due date:
% Done:

100%


Description

A logic error in MemcmpLowercase excluded the first byte from the compare. This can lead to FN/FP issues for all users of this function.

Affected:
  • HTTP multipart parsing might get confused, so file matching and extraction can fail
  • http_header keyword won't inspect specific headers:
  • with name Xookie (where X can be any byte but 'c'/'C')
  • with name Xet-cookie (where X can be any byte but 's'/'S')
  • fileext keyword can be bypassed
  • FTP 'ftpbounce' keyword may be bypassed

History

#1 Updated by Victor Julien over 2 years ago

  • Description updated (diff)
  • % Done changed from 0 to 100

#2 Updated by Victor Julien over 2 years ago

  • Description updated (diff)

#3 Updated by Victor Julien over 2 years ago

  • Status changed from Assigned to Closed

#4 Updated by Henri Salo 9 months ago

CVE-2015-8954 has been assigned to this issue.

Also available in: Atom PDF