Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

added metasploit http DoS module #12433

Merged
merged 5 commits into from
Dec 26, 2019
Merged

added metasploit http DoS module #12433

merged 5 commits into from
Dec 26, 2019

Conversation

deepsight
Copy link
Contributor

Adding a module for for CVE-2019-5645, Denial of Service on Metasploit framework HTTP(s) handler.

@jmartin-tech
Copy link
Contributor

Please update the disclosure date to ISO 8601 format as 2019-09-04.

[*] Running msftidy.rb in ./.git/hooks/post-merge mode
--- Checking new and changed module syntax with tools/dev/msftidy.rb ---
modules/auxiliary/dos/http/metasploit_httphandler_dos.rb - [ERROR] Incorrect disclosure date format
modules/auxiliary/dos/http/metasploit_httphandler_dos.rb - [WARNING] Please add a newline at the end of the file

@busterb busterb self-assigned this Oct 21, 2019
@busterb busterb added docs and removed needs-docs labels Dec 26, 2019
@busterb
Copy link
Contributor

busterb commented Dec 26, 2019

Updated options to take an enum, fixed some other minor things, verified function, and added module docs. Thanks @deepsight and @bcoles for the review.

busterb added a commit that referenced this pull request Dec 26, 2019
@busterb
Land #12433, add Metasploit reverse_http handler DoS module
4de482f
@busterb busterb merged commit d87f752 into rapid7:master Dec 26, 2019
@busterb
Copy link
Contributor

busterb commented Dec 26, 2019
edited by tperry-r7
Loading

Release Notes

This add a DoS module targeting a regex parsing weakness in reverse_http and reverse_https payload handlers in Metasploit 5.0.27 and below.

msjenkins-r7 pushed a commit that referenced this pull request Dec 26, 2019
@busterb @msjenkins-r7
Land #12433, add Metasploit reverse_http handler DoS module
5fab462
@jirayutza1
Copy link

Please update the disclosure date to ISO 8601 format as 2019-09-04.

[*] Running msftidy.rb in ./.git/hooks/post-merge mode
--- Checking new and changed module syntax with tools/dev/msftidy.rb ---
modules/auxiliary/dos/http/metasploit_httphandler_dos.rb - [ERROR] Incorrect disclosure date format
modules/auxiliary/dos/http/metasploit_httphandler_dos.rb - [WARNING] Please add a newline at the end of the file

Please update the disclosure date to ISO 8601 format as 2019-09-04.

[*] Running msftidy.rb in ./.git/hooks/post-merge mode
--- Checking new and changed module syntax with tools/dev/msftidy.rb ---
modules/auxiliary/dos/http/metasploit_httphandler_dos.rb - [ERROR] Incorrect disclosure date format
modules/auxiliary/dos/http/metasploit_httphandler_dos.rb - [WARNING] Please add a newline at the end of the file

@tperry-r7 tperry-r7 added the rn-enhancement release notes enhancement label Jan 14, 2020
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@bcoles bcoles bcoles left review comments

Assignees

@busterb busterb

Labels
docs module rn-enhancement release notes enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@deepsight @jmartin-tech @busterb @jirayutza1 @bcoles @acammack-r7 @tperry-r7