Project

General

Profile

Security #1364

Updated by Victor Julien over 9 years ago

A logic error in MemcmpLowercase excluded the first byte from the compare. This can lead to FN/FP issues for all users of this function. 

 Affected: 
 - HTTP multipart parsing might get confused, so file matching and extraction can fail 
 - http_header keyword won't inspect specific headers: 
  - with name Xookie (where X can be any byte but 'c'/'C') 
  - with name Xet-cookie (where X can be any byte but 's'/'S') 
 - fileext keyword can be bypassed 
 - FTP 'ftpbounce' keyword may be bypassed 

Back