Exploitation Summary
EIP tracks 5 public exploits for CVE-2021-40346. PoCs published by knqyf263, donky16, Vulnmachines.
AI-analyzed exploit summary
This repository contains a proof-of-concept for CVE-2021-40346, an HTTP request smuggling vulnerability in HAProxy. The PoC demonstrates how an attacker can bypass access controls (e.g., `/admin` endpoint) by exploiting inconsistent handling of HTTP headers.
Description
An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.
Exploits (5)
This repository contains a proof-of-concept for CVE-2021-40346, an HTTP request smuggling vulnerability in HAProxy. The PoC demonstrates how an attacker can bypass access controls (e.g., `/admin` endpoint) by exploiting inconsistent handling of HTTP headers.
The repository claims to be a PoC for CVE-2021-40346 (HAProxy integer overflow leading to HTTP request smuggling) but only contains a basic Flask app with no exploit logic. The README references external analysis but lacks functional exploit code.
This repository contains a writeup and references for CVE-2021-40346, an integer overflow vulnerability in HAProxy that enables HTTP smuggling. It provides links to external resources but does not include exploit code or technical details.
This repository contains a Python-based exploit for CVE-2021-40346, a vulnerability in HAProxy that allows HTTP request smuggling. The exploit crafts a malicious HTTP request to bypass access controls and retrieve forbidden resources.
This PoC demonstrates CVE-2021-40346, an integer overflow vulnerability in HAProxy that enables HTTP request smuggling to bypass ACLs. The exploit uses a crafted header to trigger an overflow, allowing an attacker to smuggle a request to a protected endpoint.
References (10)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N