CVE-2024-27316 (HTTP/2 CONTINUATION flood) PoC

Target server (Apache httpd)

Start

docker-compose up -d

Connectivity check

httpd v2.4.58 (vulnerable)

curl --http2 -i --head http://localhost:3392/
curl --http2 -i --head -k https://localhost:3393/

httpd v2.4.59 (fixed version)

curl --http2 -i --head http://localhost:3394/
curl --http2 -i --head -k https://localhost:3395/

Check resource status

docker stats cve-2024-27316_v2458 cve-2024-27316_v2459

Stop

docker-compose down

npm ci
node poc.js

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
httpd-2_4_58		httpd-2_4_58
httpd-2_4_59		httpd-2_4_59
.gitignore		.gitignore
README.md		README.md
docker-compose.yml		docker-compose.yml
package-lock.json		package-lock.json
package.json		package.json
poc.js		poc.js