POC详情: 8af98b78ade06532c3d6e556e1862976daf002d9

来源
https://github.com/anilpatel199n/CVE-2024-40898
关联漏洞
标题: Apache HTTP Server 代码问题漏洞 (CVE-2024-40898)
描述:Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server 2.4.62之前版本存在代码问题漏洞,该漏洞源于存在服务器端请求伪造问题,可能会将NTML哈希泄露给恶意服务器。
描述
This Python script checks for the presence of CVE-2024-40898, a critical vulnerability in Apache HTTP Server that may allow SSL/TLS certificate verification bypass under certain misconfigurations.  It initiates an SSL connection to the target server and sends a HEAD request.
介绍
# CVE-2024-40898
This Python script checks for the presence of CVE-2024-40898, a critical vulnerability in Apache HTTP Server that may allow SSL/TLS certificate verification bypass under certain misconfigurations.  It initiates an SSL connection to the target server and sends a HEAD request.

It initiates an SSL connection to the target server and sends a HEAD request. If the response suggests that SSL certificate verification is improperly handled, the server might be vulnerable.

🚀 Features
✅ Supports full URLs or plain IPs with optional ports

✅ Automatically parses and defaults to port 443 if not specified

✅ Ignores SSL certificate errors (for test purposes)

✅ Minimal and fast detection logic

✅ Clear output indicating possible vulnerability

🛠 Usage
python CVE-2024-40898.py -u https://192.168.1.1:443
You can also just pass an IP:

python CVE-2024-40898.py -u 192.168.1.1
⚠️ Disclaimer
This script is for educational and authorized security testing only. Do not use on systems you do not own or have explicit permission to test.
文件快照

 [4.0K]  /data/pocs/8af98b78ade06532c3d6e556e1862976daf002d9
├── [1.7K]  CVE-2024-40898 .py
└── [1.0K]  README.md

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。