POC details: b9c9ed9ab3e9456732b852ffba3a615b205f2255

Source
Related vulnerability
Title: Apache HTTP/2 resource management error vulnerability (CVE-2023-44487)
Description: HTTP/2 is the second major version of the Hypertext Transfer Protocol, used mainly to carry communication between clients and servers. Apache HTTP/2 has a security vulnerability. An attacker can exploit it to cause a denial of service on the system. The following products and versions are affected: .NET 6.0, ASP.NET Core 6.0, .NET 7.0, Microsoft Visual Studio 2022 version 17.2, Microsoft Visual Studio 2022 version 17.4, Microsoft Visual Studio 2022 version 17.6, Micros
Description
Basic vulnerability scanning to see if web servers may be vulnerable to CVE-2023-44487
Introduction
# CVE-2023-44487

This tool checks to see if a website is vulnerable to CVE-2023-44487 completely non-invasively.

1. The tool checks whether the web server accepts HTTP/2 requests without downgrading them.
2. If the server accepts HTTP/2 requests without downgrading them, the tool attempts to open a single stream on that connection and then reset it.
3. If the server accepts both the creation and the reset of the stream, it is definitely vulnerable; if it accepts HTTP/2 requests but the stream attempt fails, it may still be vulnerable if the relevant server-side capabilities are enabled.

To run:

    $ python3 -m pip install -r requirements.txt

    $ python3 cve202344487.py -i input_urls.txt -o output_results.csv

You can also specify an HTTP proxy to route all requests through with the `--proxy` flag:

    $ python3 cve202344487.py -i input_urls.txt -o output_results.csv --proxy http://proxysite.com:1234

The script outputs a CSV file with the following columns:

- Timestamp: the timestamp of the request
- Source Internal IP: the internal IP address of the host sending the HTTP requests
- Source External IP: the external IP address of the host sending the HTTP requests
- URL: the URL being scanned
- Vulnerability Status: "VULNERABLE"/"LIKELY"/"POSSIBLE"/"SAFE"/"ERROR"
- Error/Downgrade Version: the error, or the version the HTTP server downgrades the request to

*Note: "Vulnerable" in this context means it is confirmed that an attacker can reset a stream connection without issue; it does not take into account implementation-specific or volume-based detections.*
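The note above says the scanner ignores volume-based detections; as an added example (not code from the cve202344487.py tool), this is what such a detector looks like from the server side: it buckets client-sent HEADERS and RST_STREAM frames per connection per second over a constructed frame log and flags the open-then-reset pattern of CVE-2023-44487. The log format and both thresholds are assumptions for this example.

```python
from collections import defaultdict

# Assumed log format, one client-sent frame per line (constructed for this example):
#   <epoch_ms> <client_ip:port> <frame_type> <stream_id>
RST_PER_SECOND = 100  # assumed threshold: RST_STREAM frames per connection per second
RESET_RATIO = 0.9     # assumed threshold: share of streams opened in that second and reset


def parse_line(line):
    ts_ms, conn, frame, stream_id = line.split()
    return int(ts_ms), conn, frame, int(stream_id)


def detect_rapid_reset(lines, rst_per_second=RST_PER_SECOND, reset_ratio=RESET_RATIO):
    """Return {conn: (epoch_second, streams_opened, streams_reset)} for every
    connection whose client opened and reset streams, within one fixed
    one-second window, fast enough to match the Rapid Reset pattern."""
    opened = defaultdict(int)
    resets = defaultdict(int)
    for line in lines:
        ts_ms, conn, frame, _ = parse_line(line)
        key = (conn, ts_ms // 1000)
        if frame == "HEADERS":          # a client HEADERS frame opens a new stream
            opened[key] += 1
        elif frame == "RST_STREAM":     # a client RST_STREAM cancels it
            resets[key] += 1
    flagged = {}
    for (conn, sec), n_rst in resets.items():
        n_open = opened.get((conn, sec), 0)
        if n_rst >= rst_per_second and n_open and n_rst / n_open >= reset_ratio:
            flagged[conn] = (sec, n_open, n_rst)
    return flagged


def build_sample_log():
    """Constructed sample: one abusive connection opening and immediately
    resetting 300 streams within a second, plus one benign connection that
    opens five streams and cancels a single one."""
    base = 1_696_850_000_000  # constructed epoch milliseconds
    lines = []
    for i in range(300):
        sid = 2 * i + 1  # client-initiated streams use odd identifiers
        lines.append(f"{base + i} 203.0.113.5:44120 HEADERS {sid}")
        lines.append(f"{base + i + 1} 203.0.113.5:44120 RST_STREAM {sid}")
    for i in range(5):
        lines.append(f"{base + 200 * i} 198.51.100.9:50211 HEADERS {2 * i + 1}")
    lines.append(f"{base + 900} 198.51.100.9:50211 RST_STREAM 3")
    return lines
```

Running `detect_rapid_reset(build_sample_log())` flags only the 203.0.113.5 connection; the benign connection's single cancelled stream stays below both thresholds.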

# Dockerized

Build:

    $ docker build -t py-cve-2023-44487 .

Run:

    $ docker run --rm -v /path/to/urls:/shared py-cve-2023-44487 -i /shared/input_urls.txt -o /shared/output_results.csv
File snapshot

    [4.0K] /data/pocs/b9c9ed9ab3e9456732b852ffba3a615b205f2255
    ├── [9.2K] cve202344487.py
    ├── [ 176] Dockerfile
    ├── [1.8K] README.md
    └── [ 18] requirements.txt
    0 directories, 4 files
Cached for you by the Shenlong bot
Notes
    1. It is recommended to access the POC through the source first.
    2. If the source has expired or cannot be accessed, send an email to f.jinxu#gmail.com to request a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you; to support long-term maintenance, please consider paying for local POCs. Thank you for your support.