CVE-2021-3116
Description
before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or).
CVSS Version 3.1
CVE ID: CVE-2021-3116
Base Score: 7.5
Base Severity: HIGH
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Impact Score: 3.6
Exploitability Score: 3.9
CVSS Version 2.0
CVE ID: CVE-2021-3116
Base Score: 5.0
Base Severity: MEDIUM
Vector String: AV:N/AC:L/Au:N/C:N/I:P/A:N
Content on GitHub
0vercl0k | watchers:825
CVE-2021-31166
Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.
Reference: GitHub
ZZ-SOCMAP | watchers:19
CVE-2021-31166
Windows HTTP protocol stack remote code execution vulnerability CVE-2021-31166
Reference: GitHub
corelight | watchers:13
CVE-2021-31166
HTTP Protocol Stack CVE-2021-31166
Reference: GitHub
y0g3sh-99 | watchers:7
CVE-2021-31166-Exploit
Exploit for MS Http Protocol Stack RCE vulnerability (CVE-2021-31166)
Reference: GitHub
zecopro | watchers:5
CVE-2021-31166
simple bash script for exploit CVE-2021-31166
Reference: GitHub
zha0gongz1 | watchers:8
CVE-2021-31166
PoC for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely. Although it was defined as remote command execution, it can only cause the system to crash.
Reference: GitHub
mauricelambert | watchers:5
CVE-2021-31166
CVE-2021-31166: exploitation with Powershell, Python, Ruby, NMAP and Metasploit.
Reference: GitHub
mvlnetdev | watchers:3
CVE-2021-31166-detection-rules
Different rules to detect if CVE-2021-31166 is being exploited
Reference: GitHub
imikoYa | watchers:2
CVE-2021-31166-exploit
Just a simple CVE-2021-31166 exploit tool
Reference: GitHub
bgsilvait | watchers:0
WIn-CVE-2021-31166
Reference: GitHub
Reference: NVD