CVE-2003-1286
Sambar Server - HTTP Proxy Request Smuggling via Connection Keep-Alive
Exploitation Summary
EIP tracks 1 public exploit for CVE-2003-1286. PoCs published by David Endler.
AI-analyzed exploit summary: This exploit demonstrates an authentication bypass in Sambar Server by leveraging a keep-alive connection to proxy requests without IP validation. The attacker gains unauthorized access to the administrative interface by sending a valid request followed by a proxy request.
Description
HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection: keep-alive" request before the proxy requests.