PoC details: 902672687fe8ed9b00e6024ccb8f39470234af22

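Source
Related vulnerability
Title: Apache httpd resource management error vulnerability (CVE-2024-27316)
Description: Apache httpd is an open-source HTTP server developed and maintained by the Apache Foundation (USA) for modern operating systems. Apache httpd contains a resource management error vulnerability: the server allows a client to keep sending HTTP/2 headers without end, which leads to memory exhaustion.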
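A defender-side check for the condition in the description above, added here as an example and not taken from the PoC repository. It assumes the unbounded header flow is a HEADERS frame followed by CONTINUATION frames that never set END_HEADERS, as in the linked CERT note VU#421644; the names `Scan`, `Frame`, `Verdict` and both limits are hypothetical.

```go
package main

import "fmt"
const typeHeaders, typeContinuation, flagEndHeaders = 0x1, 0x9, 0x4 // RFC 9113

// Verdict describes the most recent header block in the scanned stream.
type Verdict struct {
	Open          bool // still waiting for END_HEADERS when input ended
	Continuations int  // CONTINUATION frames in that block
	Bytes         int  // frame payload bytes in that block (upper bound)
	Exceeded      bool // a limit was crossed at some point in the stream
}

// Scan walks raw HTTP/2 frames (client preface stripped) against assumed limits.
func Scan(b []byte, maxCont, maxBytes int) Verdict {
	var v Verdict
	for len(b) >= 9 {
		n := int(b[0])<<16 | int(b[1])<<8 | int(b[2]) // 24-bit payload length
		if len(b) < 9+n {
			break // truncated capture
		}
		typ, flags := b[3], b[4]
		if typ == typeHeaders {
			v.Open, v.Continuations, v.Bytes = true, 0, n
		} else if typ == typeContinuation && v.Open {
			v.Continuations, v.Bytes = v.Continuations+1, v.Bytes+n
		}
		if (typ == typeHeaders || typ == typeContinuation) && flags&flagEndHeaders != 0 {
			v.Open = false // header block complete, server can release it
		}
		v.Exceeded = v.Exceeded || v.Continuations > maxCont || v.Bytes > maxBytes
		b = b[9+n:]
	}
	return v
}

// Frame builds a 9-byte frame header plus zeroed payload (constructed samples only).
func Frame(typ, flags byte, stream uint32, size int) []byte {
	return append([]byte{byte(size >> 16), byte(size >> 8), byte(size), typ, flags,
		byte(stream >> 24), byte(stream >> 16), byte(stream >> 8), byte(stream)}, make([]byte, size)...)
}

func main() {
	s := Frame(typeHeaders, 0, 1, 16) // constructed: block is never closed
	for i := 0; i < 5; i++ {
		s = append(s, Frame(typeContinuation, 0, 1, 16)...)
	}
	fmt.Printf("%+v\n", Scan(s, 4, 1<<16))
}
```

The same counters, kept per connection in a proxy or server, are where a cap on CONTINUATION frames or header-block bytes would be enforced before more memory is allocated.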
Description
Proof of concept (PoC) for CVE-2024-27316 (tested), CVE-2024-30255 (untested), CVE-2024-31309 (untested), CVE-2024-28182 (untested), CVE-2024-2653 (untested) and CVE-2024-27919 (untested)
Introduction
# CVE-2024-27316

I decided to call this vulnerability specifically "CVE-2024-27316" since I have tested it against this vulnerability. The underlying flaw affects other CVEs so I thought I'd mention those with the hope that others could test and modify this PoC :)

This PoC currently only works against unencrypted http/2 servers.

Sources:
- [https://www.kb.cert.org/vuls/id/421644](https://www.kb.cert.org/vuls/id/421644)

## Running

Building:

```bash
go build
```

Running:

```bash
./cve-2024-27316 -t 127.0.0.1:80 -p http -i 8192
./cve-2024-27316 -t 127.0.0.1:443 -p https -i 8192
```
File snapshot

```
[4.0K] /data/pocs/902672687fe8ed9b00e6024ccb8f39470234af22
├── [ 146] go.mod
├── [ 308] go.sum
├── [ 18K] LICENSE
├── [3.0K] main.go
└── [ 593] README.md

0 directories, 5 files
```