cve/CVE-2019-18277.md at 9ac4b787af2fa0b7575b28040edee6199ce9a667

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 01:04:30 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request smuggling attack against a vulnerable component employing a lenient parser that would ignore the content-length header as soon as it saw a transfer-encoding one (even if not entirely valid according to the specification).

POC

Reference

https://nathandavison.com/blog/haproxy-http-request-smuggling

Github

https://github.com/3th1c4l-t0n1/awesome-csirt
https://github.com/ARPSyndicate/cvemon
https://github.com/BLACKHAT-SSG/Awesome-HTTPRequestSmuggling
https://github.com/PwnAwan/Awesome-HTTPRequestSmuggling
https://github.com/Spacial/awesome-csirt
https://github.com/chenjj/Awesome-HTTPRequestSmuggling

1.2 KiB Raw Blame History

CVE-2019-18277

Description

POC

Reference

Github

1.2 KiB

Raw Blame History