POC详情: def1d88171a992f9edaa40d813eebfdbe44ca166

来源
关联漏洞
标题: Apache HTTP Server 安全漏洞 (CVE-2024-40725)
描述:Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server 2.4.62之前版本存在安全漏洞,该漏洞源于AddType和类似配置会导致本地内容的源代码泄露。
介绍
🚨Alert🚨Apache Vulnerability 

🚨Alert🚨Security Advisory: CVE-2024-40725 and CVE-2024-40898🚨Alert🚨

CVE-2024-40725
Description:
CVE-2024-40725 is a high-severity vulnerability found in Apache HTTP Server versions 2.4.0 to 2.4.61. This vulnerability affects the mod_proxy module. When the ProxyPass directive is enabled and URL rewrite rules are configured, an attacker can exploit this vulnerability to perform HTTP Request Smuggling attacks. This type of attack exploits discrepancies in the parsing of HTTP requests between proxy and backend servers, potentially leading to unauthorized actions such as information disclosure or unauthorized data access.
Affected Versions:
- Apache HTTP Server 2.4.0 to 2.4.61
Attack Method:

1. Identify Target Configuration:
   - The attacker needs to identify if the target system uses an affected version of Apache HTTP Server and has the mod_proxy module enabled.
   - Check if the ProxyPass directive is configured and understand possible URL rewrite rules.

2. Craft Malicious Request:
   - The attacker crafts a specially formatted HTTP request such that parts of the request are parsed differently by the proxy and backend servers.
   - For example, the attacker can use multiple Content-Length headers or a combination of Transfer-Encoding and Content-Length headers to deceive the servers.

3. Send Malicious Request:
   - The crafted malicious request is sent to the target server. The request is parsed inconsistently by the proxy and backend servers, resulting in a request smuggling attack.

4. Exploit Smuggled Request:
   - Use the smuggled request to perform further attacks, such as session hijacking, cross-site scripting (XSS), or command injection.
Mitigation:
- Upgrade to Apache HTTP Server 2.4.62 or later to fix this vulnerability.
- Ensure proper configuration of proxy settings to avoid insecure URL rewrite rules.
- Review and strengthen proxy configurations to ensure consistent parsing between proxy and backend servers.
CVE-2024-40898

Description:
CVE-2024-40898 is another high-severity vulnerability affecting Apache HTTP Server versions 2.4.0 to 2.4.61. This vulnerability involves the mod_ssl module. When the SSLVerifyClient directive is configured in a specific manner, there is a risk of authentication bypass. An attacker can exploit this vulnerability to bypass client authentication, leading to unauthorized access to the system or sensitive information.

Affected Versions:
- Apache HTTP Server 2.4.0 to 2.4.61

Attack Method:

1. Analyze Target SSL Configuration:
   - The attacker needs to identify if the target system uses an affected version of Apache HTTP Server and has the SSLVerifyClient directive configured.

2. Craft Bypass Request:
   - The attacker crafts a specific SSL request to exploit the vulnerability in the authentication logic, bypassing user authentication.
   - For example, an attacker can use invalid or partially valid client certificates to deceive the authentication mechanism.

3. Send Malicious Request:
   - The crafted request is sent to the target server, attempting to bypass SSL client authentication.
   - If successful, the attacker can access protected resources or perform privileged actions without proper authentication.

4. Exploit Bypassed Authentication:
   - The attacker uses the bypassed authentication to perform further attacks, such as data theft, configuration changes, or system intrusion.

Mitigation:
- Upgrade to Apache HTTP Server 2.4.62 or later to fix this vulnerability.
- Review and update SSL configurations to ensure the proper use of the SSLVerifyClient directive, avoiding authentication bypass risks.
- Strengthen SSL configurations to ensure the effectiveness and security of client authentication mechanisms.
文件快照

[4.0K] /data/pocs/def1d88171a992f9edaa40d813eebfdbe44ca166 ├── [1.4K] CVE-2024-40725.py ├── [1.5K] CVE-2024-40898 .py └── [3.7K] README.md 0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。