==========================================
CVE-2026-34441 Variant Analysis
Testing potential bypasses and variants
==========================================

[INFO] Building v0.38.0 server...
[INFO] v0.38.0 built successfully
[INFO] Building v0.40.0 server...
[INFO] v0.40.0 built successfully

==========================================
TEST SUITE: Variant Analysis
==========================================

--- Testing against VULNERABLE version (v0.38.0) ---

[TEST] Variant: v1_get_baseline | Version: v0.38.0
First response: 179 bytes
Second response: 112 bytes
ADMIN ACCESS GRANTED
[VULNERABLE] Smuggling detected!

[TEST] Variant: v2_cl_te | Version: v0.38.0
Response: 179 bytes
Response preview: b'HTTP/1.1 200 OK\r\nKeep-Alive: timeout=5, max=100\r\nContent-Length: 15\r\nContent-Type: text/html\r\nLast-Modified: Fri, 03 Apr 2026 15:03:46 GMT\r\nETag: W/"69cfd6d2-f"\r\n\r\nINDEX\n'
[NOT VULNERABLE] No smuggling

[TEST] Variant: v3_head | Version: v0.38.0
First response: 186 bytes
Second response: 112 bytes
ADMIN ACCESS GRANTED
[VULNERABLE] Smuggling detected!

[TEST] Variant: v4_oversized | Version: v0.38.0
Error: [Errno 32] Broken pipe
[NOT VULNERABLE] No smuggling

[TEST] Variant: v5_http10 | Version: v0.38.0
First response: 179 bytes
Second response: 0 bytes
[NOT VULNERABLE] No smuggling

--- Testing against FIXED version (v0.40.0) ---

[TEST] Variant: v1_get_baseline | Version: v0.40.0
First response: 179 bytes
Second response: 0 bytes
[NOT VULNERABLE] No smuggling

[TEST] Variant: v2_cl_te | Version: v0.40.0
Response: 66 bytes
Response preview: b'HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\n\r\n'
Got 400 Bad Request - CL+TE fix working
[NOT VULNERABLE] No smuggling

[TEST] Variant: v3_head | Version: v0.40.0
First response: 186 bytes
Second response: 0 bytes
[NOT VULNERABLE] No smuggling

[TEST] Variant: v4_oversized | Version: v0.40.0
First response: 179 bytes
Second response: 0 bytes
[NOT VULNERABLE] No smuggling

[TEST] Variant: v5_http10 | Version: v0.40.0
First response: 179 bytes
Second response: 0 bytes
[NOT VULNERABLE] No smuggling

==========================================
SUMMARY
==========================================

Variant Results (0=vulnerable, 1=not vulnerable):

Variant                        | v0.38.0         | v0.40.0
------------------------------ | --------------- | ---------------
v1_get_baseline (original)     | 0               | 1
v2_cl_te (CL+TE)               | 1               | 1
v3_head (HEAD method)          | 0               | 1
v4_oversized (large body)      | 1               | 1
v5_http10 (HTTP/1.0)           | 1               | 1

[EXIT CODE 1] No bypass found - all variants blocked by fix