Share
## https://sploitus.com/exploit?id=45D138AD-BEC6-552A-91EA-8816914CA7F4
# CVE-2024-27316 (HTTP/2 CONTINUATION flood) PoC
## Target server (Apache httpd)
Start
```shell
docker-compose up -d
```
Connectivity check
httpd v2.4.58 (vulnerable)
```shell
curl --http2 -i --head http://localhost:3392/
curl --http2 -i --head -k https://localhost:3393/
```
httpd v2.4.59 (fixed version)
```shell
curl --http2 -i --head http://localhost:3394/
curl --http2 -i --head -k https://localhost:3395/
```
Check resource status
```shell
docker stats cve-2024-27316_v2458 cve-2024-27316_v2459
```
Stop
```shell
docker-compose down
```
## PoC
```shell
npm ci
node poc.js
```