Actions
Security #1364
closedevasion issues
Git IDs:
b09b20d7e2280fafd0282a6a566a65411ca5137f
Severity:
Disclosure Date:
Description
A logic error in MemcmpLowercase excluded the first byte from the compare. This can lead to FN/FP issues for all users of this function.
Affected:- HTTP multipart parsing might get confused, so file matching and extraction can fail
- http_header keyword won't inspect specific headers:
- with name Xookie (where X can be any byte but 'c'/'C')
- with name Xet-cookie (where X can be any byte but 's'/'S')
- fileext keyword can be bypassed
- FTP 'ftpbounce' keyword may be bypassed
Updated by Victor Julien over 9 years ago
- Description updated (diff)
- % Done changed from 0 to 100
Updated by Victor Julien over 9 years ago
- Status changed from Assigned to Closed
Updated by Henri Salo about 8 years ago
CVE-2015-8954 has been assigned to this issue.
Updated by Victor Julien about 4 years ago
- Tracker changed from Bug to Security
- CVE set to 2015-8954
- Git IDs updated (diff)
Actions