# CVE-2024-40898
This Python script checks for the presence of CVE-2024-40898, a critical vulnerability in Apache HTTP Server that may allow SSL/TLS certificate verification bypass under certain misconfigurations. It initiates an SSL connection to the target server and sends a HEAD request. If the response suggests that SSL certificate verification is improperly handled, the server might be vulnerable.
## 🚀 Features
- ✅ Supports full URLs or plain IPs with optional ports
- ✅ Automatically parses and defaults to port 443 if not specified
- ✅ Ignores SSL certificate errors (for test purposes)
- ✅ Minimal and fast detection logic
- ✅ Clear output indicating possible vulnerability
## 🛠 Usage
```bash
python CVE-2024-40898.py -u https://192.168.1.1:443
```
You can also just pass an IP:
```bash
python CVE-2024-40898.py -u 192.168.1.1
```
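The target handling described under Features and Usage (full URL or plain IP, optional port, default 443), written out as an added example; this is not the script's own code. The helper name `parse_target`, the rejection of non-HTTPS schemes and of port 0, and the IPv6 bracket handling are assumptions of this example.

```python
from urllib.parse import urlsplit

DEFAULT_PORT = 443  # the README states 443 is used when no port is given


def parse_target(target: str) -> tuple[str, int]:
    """Return (host, port) for a full URL or a bare host[:port] string.

    parse_target is a hypothetical helper name, not taken from the script.
    """
    target = target.strip()
    if not target:
        raise ValueError("empty target")
    # urlsplit only fills in the network location when a scheme or a
    # leading '//' is present, so a bare "192.168.1.1:8443" gets one.
    if "://" not in target:
        target = "//" + target
    parts = urlsplit(target)
    # Assumption of this example: the check speaks TLS only, so any
    # explicit scheme other than https is rejected instead of guessed at.
    if parts.scheme not in ("", "https"):
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    host = parts.hostname  # lowercased, IPv6 brackets removed
    if not host:
        raise ValueError("no host in target")
    try:
        port = parts.port  # raises ValueError if non-numeric or > 65535
    except ValueError as exc:
        raise ValueError(f"invalid port in target: {exc}") from None
    if port == 0:
        raise ValueError("port 0 is not a connectable port")
    return host, port if port is not None else DEFAULT_PORT
```
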
## ⚠️ Disclaimer
This script is for educational and authorized security testing only. Do not use on systems you do not own or have explicit permission to test.