🔥 Burn Fat Fast. Discover How! 💪

Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Ov | PT SWARM

Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling
by Ori Hollander and Or Peles

The vulnerability, CVE-2021-40346, is an Integer Overflow, triggerable via the Content-Length HTTP header, that makes it possible to conduct HTTP Request Smuggling attacks.

Contents:
• Technical Background
• HTTP Request Smuggling
• HAProxy’s HTTP request processing phases (simplified)
• Attack Scenario – Bypassing http-request ACLs
• What happens inside HAProxy
• Getting the HTTP response for the smuggled request
• Attack demonstration – ACL bypass
• Vulnerability Details
• Automating the Discovery
• Fixes and Workarounds

https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/
Next Message
telegram-store.com © 2016-2024
Non official site about Telegram
All rights reserved. Copying and using of full materials is prohibited, partial quoting is possible only with a hyperlink to the site telegram-store.com.