CVE-2021-40346

Published: 08/09/2021 | Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 447
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

An integer overflow exists in HAProxy 2.0 up to and including 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing a malicious user to bypass all configured http-request HAProxy ACLs and possibly other ACLs.

Vulnerable Product

haproxy haproxy

haproxy haproxy 2.5

debian debian linux 11.0

fedoraproject fedora 33

fedoraproject fedora 34

Vendor Advisories

Synopsis: Important: Red Hat OpenShift GitOps security update. Type/Severity: Security Advisory: Important. Topic: An update for openshift-gitops-applicationset-container, openshift-gitops-container, openshift-gitops-kam-delivery-container, and openshift-gitops-operator-container is now available for Red Hat OpenShift GitOps 12 (GitOps v122)Re ...
Synopsis: Moderate: Red Hat Advanced Cluster Management 2211 security updates and bug fixes. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Advanced Cluster Management for Kubernetes 2211 General Availability release images, which provide one or more container updates and bug fixes. Red Hat Product Security has rated this update as ...
Ori Hollander reported that missing header name length checks in the htx_add_header() and htx_add_trailer() functions in HAProxy, a fast and reliable load balancing reverse proxy, could result in request smuggling attacks or response splitting attacks. Additionally, this update addresses #993303 introduced in DSA 4960-1 causing HAProxy to fail servi ...
A flaw was found in haproxy. An input validation flaw when processing HTTP/2 requests causes haproxy to not ensure that the scheme and path portions of a URI have the expected characters. This may cause specially crafted input to bypass implemented security restrictions. The highest threat from this vulnerability is confidentiality (CVE-2021-3924 ...
No description is available for this CVE ...
A bug has been found in the HTTP header name length encoding in the HTX representation of haproxy, by which the most significant bit of the name's length can slip into the value's least significant bit. A remote attacker could craft a valid request that could inject a dummy content-length on input that would be produced on output in addition to the ...

Github Repositories

CVE-2021-40346 integer overflow enables http smuggling

CVE-2021-40346-POC CVE-2021-40346 integer overflow enables http smuggling. HTTP request smuggling caused by an integer overflow. Chinese-language analysis: Analysis of the HAProxy request smuggling vulnerability (CVE-2021-40346). Reference: jfrogcom/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/ Build git clone githubcom/donky16/CVE-2021-40346-POCgit cd CVE-2021

INTENT-CTF-2021 Category: Web Name: Careers Level: None Technique: ZIP Symlink Vulnerability Description: We got hacked, We're trying to identify the ROOT cause If you are a l33t h4x0r, please upload your resume Solution Overview challenge provided a main page and careersphp page I think website can upload reverse shell but I read details a title only accepted zip

HAProxy CVE-2021-40346

HAProxy_CVE-2021-40346 HAProxy CVE-2021-40346 Writeup

CVE-2021-40346 - HaProxy HTTP request smuggling through integer overflow

CVE-2021-40346: Integer overflow on header request internal representation allows HTTP request smuggling. This repository presents a PoC built with docker-compose using two docker images: one with a vulnerable version of HaProxy (in this case 2216) and one with a Flask web server using Gunicorn as WSGI. By exploiting the vulnerability we are able to access the /admin page, who

CVE-2021-40346 PoC (HAProxy HTTP Smuggling)

CVE-2021-40346 CVE-2021-40346 PoC (HAProxy HTTP Smuggling) For educational purposes only Setup $ docker build -t cve-2021-40346 $ docker run --name poc -p 8000:80 -d --rm -it cve-2021-40346 4941e9f23508b497e4cbe334a75e7cdb84c83478522ed85f48db3477f97a6fb4 Test Confirm /admin is denied $ curl localhost:8000 hello $ curl loc

Nginx Nginx scenario bypass 1: URL white spaces + Gunicorn Nginx scenario bypass 2: trailing slash and # (using Weblogic as an example) Nginx scenario bypass 3: trailing slash and ; (using Weblogic as an example) Squid Squid scenario bypass 1: URN bypass ACL HAProxy HAProxy scenario bypass 1: CVE-2021-40346 Content-Length integer overflow and HTTP Request Smuggling mod_proxy Apache Mo