Apache Httpd 2.4.18 Exploit

The following article details the primary vulnerabilities, how they are exploited, and how to secure your environment.

The HTTP/2 stream unnecessarily occupies a server thread while cleaning up incoming data, causing a severe thread-block condition. Targeting this version allows a remote attacker to block all available server threads, resulting in a total Denial of Service (DoS).

3. The "Httpoxy" Vulnerability (CVE-2016-5387)

The vulnerability, known as CVE-2017-15715, was a critical issue in Apache httpd 2.4.18 that allowed an attacker to execute arbitrary code on the server. It was a bug in the mod_lua module, which allowed Lua scripts to be executed on the server.

For security researchers: Focus on . For sysadmins: Upgrade or virtualize. Apache 2.4.18 has reached end-of-life; running it today is a risk not because of a single magic exploit, but because of the cumulative burden of two dozen minor-to-moderate CVEs.

6.1 (Medium) Type: CRLF Injection

The front-end proxy processes the Transfer-Encoding: chunked header, sees the 0 chunk, and ends the request. But Apache 2.4.18 keeps the socket open and interprets the subsequent GET /admin... as a second request, originating from the victim's IP, bypassing ACLs.

nmap -sV --script=http-request-smuggling.nse -p 80,443 target.com

Since upgrading is not always immediately possible, a is required.

FROM ubuntu:16.04
RUN apt-get update && apt-get install -y apache2=2.4.18-2ubuntu3
# Enable mod_cgi, mod_http2, and set AllowOverride All
COPY vulnerable.cgi /usr/lib/cgi-bin/
CMD ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]

Using a simple C program, an attacker on a compromised host can locate the Apache scoreboard: