CVE-2024-31309

HIGH

Apache Traffic Server 8.0.0-8.1.9 9.0.0-9.2.3 - Denial of Service via HTTP/2 CONTINUATION Frames

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-31309. PoCs published by lockness-Ko.

AI-analyzed exploit summary: This repository contains a functional Go-based proof-of-concept for CVE-2024-27316, a DoS vulnerability affecting HTTP/2 servers. The exploit sends maliciously crafted headers to trigger excessive memory consumption, leading to a denial-of-service condition.

Description

An HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Versions from 8.0.0 through 8.1.9 and from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. ATS does have a fixed amount of memory a request can use, and ATS adheres to these limits in previous releases. Users are recommended to upgrade to version 8.1.10 or 9.2.4, which fix the issue.

Exploits (1)

github WORKING POC 15 stars
by lockness-Ko · gopoc
https://github.com/lockness-Ko/CVE-2024-27316

Classification
Working PoC 95%
Attack Type
DoS
Complexity
Moderate
Reliability
Reliable
Target: HTTP/2 servers (unencrypted or TLS)
No auth needed
Prerequisites: Network access to target HTTP/2 server
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 7.5
EPSS 0.9462
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-20
Status published
Products (5)
apache/traffic_server 8.0.0 - 8.1.10
debian/debian_linux 10.0
fedoraproject/fedora 38
fedoraproject/fedora 39
fedoraproject/fedora 40
Published Apr 10, 2024
Tracked Since Feb 18, 2026