Apache Httpd 2.4.18 Exploit

This is the crown jewel for Apache 2.4.18 exploitation. The HTTP/2 module improperly handled certain pseudo-headers ( :method , :path , :scheme ). By crafting a request with invalid header order or zero-length headers, an attacker could cause the server to misinterpret the start of a new request.