{"uuid": "9b053be6-aad0-4cfb-aa00-a842f0513cd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40346", "type": "published-proof-of-concept", "source": "https://t.me/dc7342/42353", "content": "Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling\n\ud83d\udc64 by Ori Hollander and Or Peles\n\nThe vulnerability,\u00a0CVE-2021-40346, is an Integer Overflow, triggerable via the Content-Length HTTP header, that makes it possible to conduct HTTP Request Smuggling attacks.\n\n\ud83d\udcdd Contents:\n\u2022 Technical Background\n  \u2022 HTTP Request Smuggling\n  \u2022 HAProxy\u2019s HTTP request processing phases (simplified)\n\u2022 Attack Scenario \u2013 Bypassing http-request ACLs\n  \u2022 What happens inside HAProxy\n  \u2022 Getting the HTTP response for the smuggled request\n  \u2022 Attack demonstration \u2013 ACL bypass\n\u2022 Vulnerability Details\n\u2022 Automating the Discovery\n\u2022 Fixes and Workarounds\n\nhttps://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/", "creation_timestamp": "2021-09-09T14:24:36.000000Z"}