Apache Httpd 2.4.18 Exploit Here

Beyond the CARPE DIEM LPE, version 2.4.18 is susceptible to several other attacks: HTTP/2 Denial of Service (CVE-2016-1546)

While original proofs-of-concept for this were unreliable (often leading to a DoS), refined exploits using heap grooming can turn this into remote code execution.

Watch for frequent "graceful" restarts in server logs, as these are often triggered by attackers to execute the CARPE (DIEM) payload.
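A log check for the graceful-restart pattern mentioned above, as an added example that is not part of the original page: it extracts graceful-restart notices from an Apache 2.4 error log and flags bursts of them. The log lines are constructed, and the one-hour window and threshold of three are assumptions to tune against the host's normal logrotate schedule.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in Apache 2.4 error-log format (not taken from the page).
SAMPLE_LOG = """\
[Mon Apr 01 06:25:01.102233 2019] [mpm_prefork:notice] [pid 812] AH00171: Graceful restart requested, doing restart
[Mon Apr 01 06:25:01.310877 2019] [mpm_prefork:notice] [pid 812] AH00163: Apache/2.4.18 (Ubuntu) configured -- resuming normal operations
[Mon Apr 01 14:02:11.000120 2019] [mpm_prefork:notice] [pid 812] AH00171: Graceful restart requested, doing restart
[Mon Apr 01 14:09:40.551002 2019] [mpm_prefork:notice] [pid 812] AH00171: Graceful restart requested, doing restart
[Mon Apr 01 14:15:03.770410 2019] [mpm_prefork:notice] [pid 812] AH00171: Graceful restart requested, doing restart
[Tue Apr 02 06:25:02.004518 2019] [mpm_prefork:notice] [pid 812] AH00171: Graceful restart requested, doing restart
"""

# [timestamp] [module:level] [pid N(:tid M)] AHnnnnn: message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[[^\]]+\] \[pid \d+[^\]]*\] (?P<code>AH\d{5}): "
)
# Graceful-restart notices: AH00171 (prefork MPM), AH00493 (worker/event MPM).
GRACEFUL_CODES = {"AH00171", "AH00493"}
TS_FORMAT = "%a %b %d %H:%M:%S.%f %Y"


def graceful_restarts(log_text):
    """Return the sorted timestamps of every graceful-restart notice."""
    times = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("code") in GRACEFUL_CODES:
            times.append(datetime.strptime(m.group("ts"), TS_FORMAT))
    return sorted(times)


def restart_bursts(times, window=timedelta(hours=1), threshold=3):
    """Return restarts that belong to a run of >= threshold inside `window`."""
    flagged, start = set(), 0
    for end, t in enumerate(times):
        # Slide the left edge until the span fits inside the window.
        while t - times[start] > window:
            start += 1
        if end - start + 1 >= threshold:
            flagged.update(times[start:end + 1])
    return sorted(flagged)


if __name__ == "__main__":
    for ts in restart_bursts(graceful_restarts(SAMPLE_LOG)):
        print("unexpected graceful restart burst:", ts.isoformat())
```

The two 06:25 entries model a daily logrotate-driven restart and are not flagged; only the three restarts within one hour are reported.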

This report is provided for informational and defensive security use only. The author does not endorse illegal exploitation.

The exploit for this vulnerability involves sending a specially crafted HTTP/2 request to the vulnerable Apache HTTP Server. The request must contain a specific sequence of headers and body content that triggers the use-after-free condition. Successful exploitation can lead to:

If a webmaster uses the Limit directive with an invalid or custom HTTP method in a .htaccess file, the server can leak small chunks of its process memory in the "Allow" header of its response.

GET / HTTP/1.1
Host: vulnerable-apache-server
Authorization: Basic $(python -c 'print "A" * 10000')