Metasploit modules that can be used to exploit Apache » Http Server » 2.2.14
-
Apache Optionsbleed Scanner
Disclosure Date: 2017-09-18First seen: 2020-04-26auxiliary/scanner/http/apache_optionsbleedThis module scans for the Apache optionsbleed vulnerability where the Allow response header returned from an OPTIONS request may bleed memory if the server has a .htaccess file with an invalid Limit method defined. -
Apache Range Header DoS (Apache Killer)
Disclosure Date: 2011-08-19First seen: 2020-04-26auxiliary/dos/http/apache_range_dosThe byterange filter in the Apache HTTP Server 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, exploit called "Apache Killer" Authors: - Kingcope - Masashi Fujiwara - Markus Neis <markus.neis@gmail.com> -
Apache mod_isapi Dangling Pointer
Disclosure Date: 2010-03-05First seen: 2020-04-26auxiliary/dos/http/apache_mod_isapiThis module triggers a use-after-free vulnerability in the Apache Software Foundation mod_isapi extension for versions 2.2.14 and earlier. In order to reach the vulnerable code, the target server must have an ISAPI module installed and configured. By making a request that terminates abnormally (either an aborted TCP connection or an unsatisfied chunked request), mod_isapi will unload the ISAPI extension. Later, if another request comes for that ISAPI module, previously obtained pointers will be used resulting in an access violation or potentially arbitrary code execution. Although arbitrary code execution is theoretically possible, a real-world method of invoking this consequence has not been proven. In order to do so, one would need to find a situation where a particular ISAPI module loads at an image base address that can be re-allocated by a remote attacker. Limited success was encountered using two separate ISAPI modules. In this scenario, a second ISAPI module was loaded into the same memory area as the previously unloaded module. Authors: - Brett Gervasoni - jduck <jduck@metasploit.com> -
Slowloris Denial of Service Attack
Disclosure Date: 2009-06-17First seen: 2020-04-26auxiliary/dos/http/slowlorisSlowloris tries to keep many connections to the target web server open and hold them open as long as possible. It accomplishes this by opening connections to the target web server and sending a partial request. Periodically, it will send subsequent HTTP headers, adding to-but never completing-the request. Affected servers will keep these connections open, filling their maximum concurrent connection pool, eventually denying additional connection attempts from clients. Authors: - RSnake - Gokberk Yaltirakli - Daniel Teixeira - Matthew Kienow <matthew_kienow[AT]rapid7.com> -
Apache Reverse Proxy Bypass Vulnerability Scanner
First seen: 2020-04-26auxiliary/scanner/http/rewrite_proxy_bypassScan for poorly configured reverse proxy servers. By default, this module attempts to force the server to make a request with an invalid domain name. Then, if the bypass is successful, the server will look it up and of course fail, then responding with a status code 502. A baseline status code is always established and if that baseline matches your test status code, the injection attempt does not occur. "set VERBOSE true" if you are paranoid and want to catch potential false negatives. Works best against Apache and mod_rewrite Authors: - chao-mu
5 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details