mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
1.1 KiB
1.1 KiB
CVE-2021-36740
Description
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8.
POC
Reference
No PoCs from references.
Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Casio-3/cn55spider
- https://github.com/aakindur/Awesome-Vulnerable-Apps
- https://github.com/detectify/Varnish-H2-Request-Smuggling
- https://github.com/edsimauricio/repo11
- https://github.com/mluzardo170464/DevSec
- https://github.com/nataliekenat/vulnerable
- https://github.com/pranay-TataCliq-infosec/test_repo
- https://github.com/vavkamil/awesome-vulnerable-apps