Related vulnerability
Title:
Apache HTTP/2 Resource Management Error Vulnerability
(CVE-2023-44487)
Description: HTTP/2 is the second version of the Hypertext Transfer Protocol and is used mainly to carry communication between clients and servers. Apache HTTP/2 has a security vulnerability. An attacker can exploit it to cause a denial of service. The following products and versions are affected: .NET 6.0, ASP.NET Core 6.0, .NET 7.0, Microsoft Visual Studio 2022 version 17.2, Microsoft Visual Studio 2022 version 17.4, Microsoft Visual Studio 2022 version 17.6, Micros
Description
Demo for detection and mitigation of HTTP/2 Rapid Reset vulnerability (CVE-2023-44487)
Introduction
# ⚡ CVE-2023-44487 Demo – HTTP/2 Rapid Reset Attack
This project demonstrates the HTTP/2 "Rapid Reset" vulnerability (CVE-2023-44487) that allows attackers to overwhelm servers using RST_STREAM frames, causing denial-of-service (DoS). It includes:
- ✅ Exploit test using Golang-based tool
- ✅ Vulnerable Apache HTTP/2 setup via Docker
- ✅ Real-time monitoring with Webmin
- ✅ Firewall-based mitigation with IPTables
---
## 📁 Folder Structure
- [`Setup/setup_guide.md`](Setup/setup_guide.md) – Environment setup (attacker & victim)
- [`Detection/webmin_monitoring.md`](Detection/webmin_monitoring.md) – Monitoring with Webmin
- [`Mitigation/iptables.md`](Mitigation/iptables.md) – Firewall rule to stop the attack
- [`Images/`](Images/)
  - `webmin_spike.png`
  - `webmin_cpu.png`
  - `apache_log.png`
- `README.md`
---
## ⚙️ Setup Instructions
📄 View full setup guide here:
[`Setup/setup_guide.md`](Setup/setup_guide.md)
It includes:
- Cloning the original exploit repo
- Building the Golang tool
- Running the vulnerable Apache HTTP/2 container
- Installing and accessing Webmin
---
## 🕵️ Detection (Webmin Monitoring)
📝 **Guide**: [`Detection/webmin_monitoring.md`](Detection/webmin_monitoring.md)
### 📸 Screenshots
- `Images/webmin_spike.png` ← CPU spike during attack
- `Images/webmin_cpu.png` ← Webmin CPU monitor
- `Images/apache_log.png` ← Apache access logs
These visuals confirm that the exploit successfully triggers load and logs corresponding request activity.
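As an added detection example, not part of this project (which relies on Webmin CPU graphs and Apache access logs), the heuristic below parses a captured client-to-server HTTP/2 byte stream using the frame layout from RFC 9113 and flags a connection that opens many streams and cancels nearly all of them with RST_STREAM. The two captures at the bottom are constructed in memory for the check and are not real traffic; the thresholds (`min_resets`, `min_ratio`) are assumed values to tune per deployment.

```python
"""Heuristic HTTP/2 Rapid Reset detector over a captured client->server byte stream."""
import struct
from typing import Iterator, NamedTuple, Tuple

HEADERS, RST_STREAM = 0x1, 0x3                      # frame types, RFC 9113 section 6
PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"       # client connection preface

class Frame(NamedTuple):
    ftype: int
    flags: int
    stream_id: int
    payload: bytes

def build_frame(ftype: int, stream_id: int, payload: bytes = b"", flags: int = 0) -> bytes:
    """Encode one frame: 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id, payload."""
    header = len(payload).to_bytes(3, "big") + bytes([ftype, flags])
    return header + struct.pack(">I", stream_id & 0x7FFFFFFF) + payload

def parse_frames(data: bytes) -> Iterator[Frame]:
    """Yield frames from a raw capture; stops cleanly at a truncated trailing frame."""
    if data.startswith(PREFACE):
        data = data[len(PREFACE):]
    pos = 0
    while pos + 9 <= len(data):
        length = int.from_bytes(data[pos:pos + 3], "big")
        ftype, flags = data[pos + 3], data[pos + 4]
        stream_id = struct.unpack(">I", data[pos + 5:pos + 9])[0] & 0x7FFFFFFF
        payload = data[pos + 9:pos + 9 + length]
        if len(payload) < length:
            break
        yield Frame(ftype, flags, stream_id, payload)
        pos += 9 + length

def rapid_reset_stats(data: bytes) -> Tuple[int, int]:
    """Return (streams_opened, rapid_resets): a rapid reset is a client RST_STREAM
    on a stream the client itself opened with HEADERS earlier in the same capture."""
    opened, headers, rapid = set(), 0, 0
    for f in parse_frames(data):
        if f.ftype == HEADERS and f.stream_id % 2 == 1:   # clients use odd stream ids
            opened.add(f.stream_id); headers += 1
        elif f.ftype == RST_STREAM and f.stream_id in opened:
            opened.discard(f.stream_id); rapid += 1
    return headers, rapid

def is_rapid_reset(data: bytes, min_resets: int = 100, min_ratio: float = 0.9) -> bool:
    """Flag a connection that opens many streams and cancels nearly all of them (assumed thresholds)."""
    headers, rapid = rapid_reset_stats(data)
    return rapid >= min_resets and headers > 0 and rapid / headers >= min_ratio

# Constructed sample captures (not real traffic): a normal client and a flood-shaped one.
NORMAL = PREFACE + b"".join(build_frame(HEADERS, sid, b"\x82\x84", 0x5) for sid in (1, 3, 5))
FLOOD = PREFACE + b"".join(
    build_frame(HEADERS, sid, b"\x82\x84", 0x5) + build_frame(RST_STREAM, sid, struct.pack(">I", 0x8))
    for sid in range(1, 401, 2))  # 200 streams, each cancelled at once (error code CANCEL = 0x8)
```

`rapid_reset_stats(FLOOD)` returns `(200, 200)` and `rapid_reset_stats(NORMAL)` returns `(3, 0)`; only the former trips `is_rapid_reset`.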
---
## 🛡️ Mitigation (IPTables Firewall Rules)
📄 See: [`Mitigation/iptables.md`](Mitigation/iptables.md)
Highlights:
- Uses `hashlimit` to rate-limit connections per IP
- Drops excess HTTP/2 requests
- Protects the server from resource exhaustion
---
## Credits
This demo is based on [PatrickTulskie's `reset-rabbit`](https://github.com/PatrickTulskie/reset-rabbit), extended with:
- 🛠️ Step-by-step setup & detection documentation
- 📊 Visual proof of DoS using Webmin
- 🔐 Custom IPTables rules to mitigate the attack
Created for educational use under controlled lab conditions.
---
## 📚 References
- [CVE-2023-44487 – NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)
- [Google Cloud – Rapid Reset Blog](https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack)
- [Cloudflare: HTTP/2 vs HTTP/1.1](https://www.cloudflare.com/learning/performance/http2-vs-http1.1/)
- [Vicarius Security Blog. (2024)](https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause)
---
Created by **Harshitha Sha** ❤️
File snapshot
```
[4.0K] /data/pocs/ecdf3f11b07efb19649f39b85b40bd2c0d933223
├── [4.0K] Detection
│   └── [ 910] webmin_monitoring.md
├── [1.4K] dockerfile
├── [ 412] gitignore
├── [ 121] go.mod
├── [ 421] go.sum
├── [4.0K] Images
│   ├── [387K] apache_log.png
│   ├── [186K] webmin_cpu.png
│   └── [343K] webmin_spike.png
├── [4.0K] Mitigation
│   └── [ 537] iptables.md
├── [2.6K] README.md
├── [5.0K] reset-rabbit-research.go
└── [4.0K] Setup
    └── [1.2K] setup_guide.md

4 directories, 12 files
```
Notes
1. It is recommended to access the code through the original source first.
2. If the source has been removed or cannot be reached, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.