Exploit for Uncontrolled Resource Consumption in Ietf Http CVE-2023-44487

Name: Exploit for Uncontrolled Resource Consumption in Ietf Http CVE-2023-44487
Rating: 5 (155 reviews)
2025-04-22 | CVSS 7.5
## https://sploitus.com/exploit?id=B0B1EF25-DE18-534A-AE5B-E6E87669C1D2
# ⚡ CVE-2023-44487 Demo – HTTP/2 Rapid Reset Attack

This project demonstrates the HTTP/2 "Rapid Reset" vulnerability (CVE-2023-44487) that allows attackers to overwhelm servers using RST_STREAM frames, causing denial-of-service (DoS). It includes:

- ✅ Exploit test using Golang-based tool
- ✅ Vulnerable Apache HTTP/2 setup via Docker
- ✅ Real-time monitoring with Webmin
- ✅ Firewall-based mitigation with IPTables


---

## 📁 Folder Structure

- [`Setup/setup_guide.md`](Setup/setup_guide.md) – Environment setup (attacker & victim)
- [`Detection/webmin_monitoring.md`](Detection/webmin_monitoring.md) – Monitoring with Webmin
- [`Mitigation/iptables.md`](Mitigation/iptables.md) – Firewall rule to stop the attack
- [`Images/`](Images/)
  - `webmin_spike.png`
  - `webmin_cpu.png`
  - `apache_log.png`
- `README.md`

---

## ⚙️ Setup Instructions

📄 View full setup guide here:  
[`Setup/setup_guide.md`](Setup/setup_guide.md)

It includes:
- Cloning the original exploit repo
- Building the Golang tool
- Running the vulnerable Apache HTTP/2 container
- Installing and accessing Webmin

---

## 🕵️ Detection (Webmin Monitoring)

📝 **Guide**: Detection/webmin_monitoring.md

### 📸 Screenshots

Images/webmin_spike.png   ← CPU spike during attack  
Images/webmin_cpu.png     ← Webmin CPU monitor  
Images/apache_log.png     ← Apache access logs  

These visuals confirm that the exploit successfully triggers load and logs corresponding request activity.

---

## 🛡️ Mitigation (IPTables Firewall Rules)

📄 See: [`Mitigation/iptables.md`](Mitigation/iptables.md)

Highlights:
- Uses `hashlimit` to rate-limit connections per IP
- Drops excess HTTP/2 requests
- Protects the server from resource exhaustion

---

## Credits

This demo is based on [PatrickTulskie's `reset-rabbit`](https://github.com/PatrickTulskie/reset-rabbit), extended with:

- 🛠️ Step-by-step setup & detection documentation  
- 📊 Visual proof of DoS using Webmin  
- 🔐 Custom IPTables rules to mitigate the attack  

Created for educational use under controlled lab conditions.

---

## 📚 References

- [CVE-2023-44487 – NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)
- [Google Cloud – Rapid Reset Blog](https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack)
- [Cloudflare: HTTP/2 vs HTTP/1.1](https://www.cloudflare.com/learning/performance/http2-vs-http1.1/)
- [Vicarius Security Blog. (2024)](https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause)

---

Created by **Harshitha Sha** ❤️