Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-9798 PoC — Apache HTTP Server 资源管理错误漏洞

Source
https://github.com/l0n3rs/CVE-2017-9798
Associated Vulnerability
Title:Apache HTTP Server 资源管理错误漏洞 (CVE-2017-9798)
Description:Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.
Readme
# CVE-2017-9798
This small script checks a shared hosting environment for CVE-2017-9798 and exits with a return code of 1 if a vulnerable .htaccess file has been found.
File Snapshot

 [4.0K]  /data/pocs/6107d2449db88307c1a9ee7707aabb3002051d9e
├── [1.5K]  check.py
└── [ 169]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →