CVE-2023-44487 PoC — Apache HTTP/2 Resource Management Error Vulnerability

Source
Associated Vulnerability
Title: Apache HTTP/2 Resource Management Error Vulnerability (CVE-2023-44487)
Description: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Description
Basic vulnerability scanning to see if web servers may be vulnerable to CVE-2023-44487
Readme
# CVE-2023-44487
Basic vulnerability scanning to see if web servers may be vulnerable to CVE-2023-44487

This tool checks to see if a website is vulnerable to CVE-2023-44487 completely non-invasively.

1. The tool checks whether a web server accepts HTTP/2 requests without downgrading them.
2. If the web server accepts HTTP/2 requests and does not downgrade them, the tool attempts to open a connection stream and subsequently reset it.
3. If the web server accepts the creation and resetting of a connection stream, the server is definitely vulnerable. If it only accepts HTTP/2 requests but the stream connection fails, it may be vulnerable if the server-side capabilities are enabled.

To run,

    $ python3 -m pip install -r requirements.txt

    $ python3 cve202344487.py -i input_urls.txt -o output_results.csv

You can also specify an HTTP proxy to proxy all the requests through with the `--proxy` flag

    $ python3 cve202344487.py -i input_urls.txt -o output_results.csv --proxy http://proxysite.com:1234

The script outputs a CSV file with the following columns

- Timestamp: a timestamp of the request
- Source Internal IP: The internal IP address of the host sending the HTTP requests
- Source External IP: The external IP address of the host sending the HTTP requests
- URL: The URL being scanned
- Vulnerability Status: "VULNERABLE"/"LIKELY"/"POSSIBLE"/"SAFE"/"ERROR"
- Error/Downgrade Version: The error or the version the HTTP server downgrades the request to

*Note: "Vulnerable" in this context means that it is confirmed that an attacker can reset a stream connection without issue; it does not take into account implementation-specific or volume-based detections.*
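
For triaging the results, the following added example (not part of the original tool or its README) reads a CSV with the columns listed above, keeps the most recent row per URL, and orders hosts for review. The exact header spelling, a string-sortable timestamp format, the sample rows, and the choice to rank ERROR ahead of SAFE are assumptions.

```python
import csv
import io
from collections import Counter

# Column names as listed in the README; the exact header spelling in the
# real output file is an assumption.
TS_COL, URL_COL = "Timestamp", "URL"
STATUS_COL, DETAIL_COL = "Vulnerability Status", "Error/Downgrade Version"

# Review order for the five documented status values, most urgent first.
# Ranking ERROR ahead of SAFE is a choice made here: a failed scan proves nothing.
PRIORITY = {"VULNERABLE": 0, "LIKELY": 1, "POSSIBLE": 2, "ERROR": 3, "SAFE": 4}


def triage(csv_text):
    """Return (latest row per URL sorted by urgency, Counter of statuses)."""
    latest = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        status = (row.get(STATUS_COL) or "").strip().upper()
        if status not in PRIORITY:
            status = "ERROR"  # unknown or empty value: treat as inconclusive
        row[STATUS_COL] = status
        row[URL_COL] = (row.get(URL_COL) or "").strip()
        row[TS_COL] = (row.get(TS_COL) or "").strip()
        # Keep only the newest result per URL. Timestamps are compared as
        # strings, which assumes a sortable (ISO 8601-like) format.
        seen = latest.get(row[URL_COL])
        if seen is None or row[TS_COL] >= seen[TS_COL]:
            latest[row[URL_COL]] = row
    ordered = sorted(latest.values(),
                     key=lambda r: (PRIORITY[r[STATUS_COL]], r[URL_COL]))
    return ordered, Counter(r[STATUS_COL] for r in ordered)


# Constructed sample results; hosts, addresses and detail values are placeholders.
SAMPLE = """Timestamp,Source Internal IP,Source External IP,URL,Vulnerability Status,Error/Downgrade Version
2023-10-12T09:00:00,10.0.0.5,203.0.113.7,https://a.example.com,VULNERABLE,
2023-10-12T09:00:02,10.0.0.5,203.0.113.7,https://b.example.com,SAFE,HTTP/1.1
2023-10-12T09:00:04,10.0.0.5,203.0.113.7,https://c.example.com,ERROR,timeout
2023-10-13T09:00:00,10.0.0.5,203.0.113.7,https://a.example.com,SAFE,HTTP/1.1
2023-10-13T09:00:02,10.0.0.5,203.0.113.7,https://d.example.com,POSSIBLE,
"""

if __name__ == "__main__":
    rows, counts = triage(SAMPLE)
    print(dict(counts))
    for r in rows:
        print(r[STATUS_COL], r[URL_COL], r[DETAIL_COL])
```

Rows with status ERROR stay in the review queue because an errored scan gives no evidence either way; rescan those hosts before treating them as safe.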

# Dockerized

Build

    $ docker build -t py-cve-2023-44487 .

Run:

    $ docker run --rm -v /path/to/urls:/shared py-cve-2023-44487 -i /shared/input_urls.txt -o /shared/output_results.csv
File Snapshot

    [4.0K] /data/pocs/b9c9ed9ab3e9456732b852ffba3a615b205f2255
    ├── [9.2K] cve202344487.py
    ├── [ 176] Dockerfile
    ├── [1.8K] README.md
    └── [  18] requirements.txt

    0 directories, 4 files