CVE-2019-5645

EIP tracks 1 public exploit for CVE-2019-5645. PoCs published by Jose Garduno, Dreamlab Technologies AG, Angelo Seiler, Dreamlab Technologies AG, including Metasploit module auxiliary/dos/http/metasploit_httphandler_dos.

AI-analyzed exploit summary This Metasploit module exploits a DoS vulnerability in the Metasploit HTTP(S) handler by sending crafted HTTP requests that trigger ReDoS (Regular Expression Denial of Service) conditions. It supports three DoS types (GENTLE, SOFT, HARD) and tests service unresponsiveness.

By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the Metasploit server.