/CVE-2024-27316_poc

Primary LanguageJavaScript

CVE-2024-27316 (HTTP/2 CONTINUATION flood) PoC

Target server (Apache httpd)

Start

docker-compose up -d

Connectivity check

httpd v2.4.58 (vulnerable)

curl --http2 -i --head http://localhost:3392/
curl --http2 -i --head -k https://localhost:3393/

httpd v2.4.59 (fixed version)

curl --http2 -i --head http://localhost:3394/
curl --http2 -i --head -k https://localhost:3395/

Check resource status

docker stats cve-2024-27316_v2458 cve-2024-27316_v2459

Stop

docker-compose down

PoC

npm ci
node poc.js