Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2016-8740 PoC — Apache HTTP Server 拒绝服务漏洞

Source
https://github.com/jptr218/apachedos
Associated Vulnerability
Title:Apache HTTP Server 拒绝服务漏洞 (CVE-2016-8740)
Description:The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.
Description
An implementation of CVE-2016-8740
Readme
### This tool uses [CVE-2016-8740](https://nvd.nist.gov/vuln/detail/CVE-2016-8740) to crash servers running Apache HTTPD 2.4.17 - 2.4.23 that support HTTP2. It crashes these servers by forcing them to allocate insanely large amounts of RAM, making the computer unuasable.
## It can be downloaded [here](https://github.com/jptr218/apachedos/raw/main/apachedos.exe) (you will need to run it from the command line)
### Usage:

### `apachedos [target] [target port]`
File Snapshot

 [4.0K]  /data/pocs/22cd2636c4cc08bde186cbc072cde66b44dd3c17
├── [ 85K]  apachedos.exe
├── [ 463]  README.md
└── [4.0K]  src
    ├── [ 561]  hdr.h
    ├── [ 902]  http2.cpp
    ├── [ 784]  main.cpp
    └── [1.5K]  misc.cpp

1 directory, 6 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →