Project

General

Profile

Actions

Security #1364

closed

evasion issues

Added by Victor Julien almost 10 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
High
Assignee:
Target version:
Affected Versions:
Label:
Git IDs:

b09b20d7e2280fafd0282a6a566a65411ca5137f

Severity:
Disclosure Date:

Description

A logic error in MemcmpLowercase excluded the first byte from the compare. This can lead to FN/FP issues for all users of this function.

Affected:
  • HTTP multipart parsing might get confused, so file matching and extraction can fail
  • http_header keyword won't inspect specific headers:
  • with name Xookie (where X can be any byte but 'c'/'C')
  • with name Xet-cookie (where X can be any byte but 's'/'S')
  • fileext keyword can be bypassed
  • FTP 'ftpbounce' keyword may be bypassed
Actions

Also available in: Atom PDF