Exploit for CVE-2024-27316

Name: Exploit for CVE-2024-27316
Rating: 5 (266 reviews)

2024-04-17 | CVSS 8.3

## https://sploitus.com/exploit?id=45D138AD-BEC6-552A-91EA-8816914CA7F4
# CVE-2024-27316 (HTTP/2 CONTINUATION flood) PoC

## Target server (Apache httpd)

Start
```shell
docker-compose up -d
```

Connectivity check

httpd v2.4.58 (vulnerable)
```shell
curl --http2 -i --head http://localhost:3392/
curl --http2 -i --head -k https://localhost:3393/
```

httpd v2.4.59 (fixed version)
```shell
curl --http2 -i --head http://localhost:3394/
curl --http2 -i --head -k https://localhost:3395/
```

Check resource status
```shell
docker stats cve-2024-27316_v2458 cve-2024-27316_v2459
```

Stop
```shell
docker-compose down
```

## PoC

```shell
npm ci
node poc.js
```