Share
## https://sploitus.com/exploit?id=2D1CF102-1932-5BC7-AB3F-30C658A986DC
# CVE-2025-8671-vulnerability-POC-
CVE-2025-8671 vulnerability POC
# CVE-2025-8671 Vulnerability Scanner
A professional security research tool for detecting the **MadeYouReset** vulnerability (CVE-2025-8671) in HTTP/2 servers. This scanner uses multiple detection heuristics to identify servers vulnerable to stream accounting manipulation attacks.



---
## ๐ About CVE-2025-8671
The **MadeYouReset** vulnerability exploits HTTP/2 stream accounting by forcing servers to send `RST_STREAM` frames via malformed protocol violations while backend processing continues. This creates a resource exhaustion condition that can lead to:
- **Denial of Service (DoS)** - Server resource exhaustion
- **Backend overload** - Processing continues despite stream resets
- **Service degradation** - Increased latency and 5xx errors
### Attack Mechanism
The scanner tests three primary attack primitives:
1. **WINDOW_UPDATE with increment=0** - Protocol violation per RFC 7540
2. **WINDOW_UPDATE overflow** - Flow control window overflow
3. **DATA on half-closed stream** - Sending data after END_STREAM
---
## โจ Features
- โ
**Multi-indicator detection** - Analyzes 7+ vulnerability signals
- โ
**Low false positives** - Scoring system with confidence levels
- โ
**Batch scanning** - Test multiple domains from a file
- โ
**Iterative testing** - Multiple test runs for accuracy
- โ
**Detailed reporting** - Verbose mode with real-time analysis
- โ
**Color-coded output** - Easy-to-read terminal results
---
## ๐ Requirements
- **Python 3.7+**
- **h2** library (hyper-h2)
---
## ๐ Installation
### 1. Clone the Repository
```bash
git clone https://github.com/yourusername/cve-2025-8671-scanner.git
cd cve-2025-8671-scanner
```
### 2. Install Dependencies
```bash
pip3 install -r requirements.txt
```
Or install manually:
```bash
pip3 install h2
```
### 3. Make Scanner Executable
```bash
chmod +x cve-2025-8671-scanner.py---
## ๐ Domain List Format
Create a `domains.txt` file with one domain per line:
```text
# Production servers
prod-api.example.com
prod-web.example.com
# Staging servers
staging.example.org
# CDN endpoints
cdn1.example.net
cdn2.example.net
```
- Lines starting with `#` are treated as comments
- Empty lines are ignored---
## ๐ Domain List Format
Create a `domains.txt` file with one domain per line:
```text
# Production servers
prod-api.example.com
prod-web.example.com
# Staging servers
staging.example.org
# CDN endpoints
cdn1.example.net
cdn2.example.net
```
- Lines starting with `#` are treated as comments
- Empty lines are ignored---
## ๐ป Usage
### Basic Usage
**Test a single domain:**
```bash
python3 cve-2025-8671-scanner.py example.com
```
**Test multiple domains from a file:**
```bash
python3 cve-2025-8671-scanner.py domains.txt
```
### Advanced Options
```bash
python3 cve-2025-8671-scanner.py [options]
Options:
--verbose Show detailed testing output
--runs N Number of test iterations (default: 3)
```
### Examples
**Verbose single domain scan:**
```bash
python3 cve-2025-8671-scanner.py vulnerable-server.com --verbose
```
**Batch scan with 5 iterations:**
```bash
python3 cve-2025-8671-scanner.py domains.txt --runs 5
```
**Detailed analysis with verbose output:**
```bash
python3 cve-2025-8671-scanner.py target.example.org --verbose --runs 5
```
- No `http://` or `https://` prefix needed
---
## ๐ Output Interpretation
### Vulnerability Scores
The scanner calculates a vulnerability score (0-15+) based on multiple indicators:
| Score Range | Classification | Confidence | Action Required |
|-------------|----------------|------------|-----------------|
| **6+** | โ
VULNERABLE | HIGH | Immediate patching recommended |
| **4-5** | โ ๏ธ LIKELY VULNERABLE | MEDIUM | Further investigation needed |
| **2-3** | โ POSSIBLY VULNERABLE | LOW | Monitor and retest |
| **0-1** | โ NOT VULNERABLE | N/A | No action needed |
### Detection Indicators
The scanner analyzes these vulnerability signals:
1. **Server RST_STREAM count** - Server sending stream resets (key indicator)
2. **HTTP 5xx errors** - Backend overload symptoms
3. **Latency increase** - Performance degradation during attack
4. **No GOAWAY received** - Server doesn't detect abuse
5. **Sustained impact** - Consistent degradation across measurements
6. **Backend mismatch** - Processing continues after RST
7. **Control frame tolerance** - Server accepts malformed frames
### Example Output
```
======================================================================
Testing: vulnerable-api.example.com
======================================================================
โ vulnerable-api.example.com - VULNERABLE
Confidence: HIGH (score: 8.0/max: 9)
Indicators: 7.3 avg server RST, 2.0 avg 5xx, no GOAWAY
======================================================================
SCAN SUMMARY
======================================================================
Total tested: 5
Vulnerable: 2
Likely vulnerable: 1
Possibly vulnerable: 0
Not vulnerable: 2
```
---
## ๐ง Technical Details
### Detection Methodology
1. **Baseline Measurement**
- Establishes normal server RTT via PING frames
- Measures 5 baseline samples for statistical validity
2. **Attack Phase**
- Opens up to 100 HTTP/2 streams
- Sends malformed frames to trigger protocol violations
- Monitors server responses in real-time
3. **Analysis Phase**
- Aggregates metrics across multiple test runs
- Calculates vulnerability score from 7+ indicators
- Provides confidence-based classification
### Attack Primitives
```python
# WINDOW_UPDATE with increment=0 (RFC 7540 violation)
USE_WINDOW_UPDATE_ZERO = True
# WINDOW_UPDATE causing flow control overflow
USE_WINDOW_OVERFLOW = True
# DATA frames on half-closed streams
USE_HALF_CLOSED_DATA = True
```
### Configuration
Key parameters (adjustable in source code):
```python
PORT = 443 # Target port
TIMEOUT = 6 # Connection timeout
TOTAL_STREAMS = 100 # Max streams to open
SCAN_TIME_LIMIT = 15 # Max scan duration (seconds)
BASELINE_PINGS = 5 # Baseline RTT measurements
```
---
## โ ๏ธ Disclaimer
**FOR SECURITY RESEARCH AND AUTHORIZED TESTING ONLY**
This tool is provided for legitimate security research and vulnerability assessment. Users must:
- โ
Obtain explicit authorization before scanning any systems
- โ
Comply with all applicable laws and regulations
- โ
Follow responsible disclosure practices
- โ NOT use for malicious purposes or unauthorized access
The authors assume no liability for misuse or damage caused by this software.
---
## ๐ References
- **CVE-2025-8671**: [NVD Entry](https://nvd.nist.gov/vuln/detail/CVE-2025-8671)
- **RFC 7540**: [HTTP/2 Specification](https://tools.ietf.org/html/rfc7540)
- **hyper-h2**: [Python HTTP/2 Library](https://python-hyper.org/projects/h2/)
---
---
**โก Stay secure and scan responsibly!**