Security #1364
Updated by Victor Julien almost 10 years ago
A logic error in MemcmpLowercase excluded the first byte from the compare. This can lead to FN/FP issues for all users of this function.
Affected:
- HTTP multipart parsing might get confused, so file matching and extraction can fail
- http_header keyword won't inspect specific headers:
- with name Xookie (where X can be any byte but 'c'/'C')
- with name Xet-cookie (where X can be any byte but 's'/'S')
- fileext keyword can be bypassed
- FTP 'ftpbounce' keyword may be bypassed