CVE-2021-40346 PoC — Haproxy HAProxy 输入验证错误漏洞

Source

https://github.com/BoianEduard/CVE-2021-40346

Associated Vulnerability

Title:Haproxy HAProxy 输入验证错误漏洞 (CVE-2021-40346)
Description:Haproxy HAProxy是法国HAProxy（Haproxy）公司的一款开源的TCP/HTTP负载均衡服务器。该服务器提供4层、7层代理，并能支持上万级别的连接，具有高效、稳定等特点。 HAProxy 存在输入验证错误漏洞，该漏洞源于 HAProxy 中的 htx_add_header() 和 htx_add_trailer() 函数中缺少标头名称长度检查可能会导致请求走私攻击或响应拆分攻击。

Description

HTTP Request Smuggling

File Snapshot


 None

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!