Exploit for Server-Side Request Forgery in Apache Http_Server CVE-2024-40898

Name: Exploit for Server-Side Request Forgery in Apache Http_Server CVE-2024-40898
Rating: 5 (205 reviews)

2025-06-14 | CVSS 9.1

## https://sploitus.com/exploit?id=FD2EE3A5-BAEA-5845-BA35-E6889992214F
# CVE-2024-40898
This Python script checks for the presence of CVE-2024-40898, a critical vulnerability in Apache HTTP Server that may allow SSL/TLS certificate verification bypass under certain misconfigurations.  It initiates an SSL connection to the target server and sends a HEAD request.

It initiates an SSL connection to the target server and sends a HEAD request. If the response suggests that SSL certificate verification is improperly handled, the server might be vulnerable.

🚀 Features
✅ Supports full URLs or plain IPs with optional ports

✅ Automatically parses and defaults to port 443 if not specified

✅ Ignores SSL certificate errors (for test purposes)

✅ Minimal and fast detection logic

✅ Clear output indicating possible vulnerability

🛠 Usage
python CVE-2024-40898.py -u https://192.168.1.1:443
You can also just pass an IP:

python CVE-2024-40898.py -u 192.168.1.1
⚠️ Disclaimer
This script is for educational and authorized security testing only. Do not use on systems you do not own or have explicit permission to test.