Shortly after CVE-2017-9798 (a.k.a. “OptionsBleed”) was announced, the good folks over at The Fuzzing Project posted a great write-up, including a quick check for the vulnerability.

I adapted it to check a list of sites, as analysts often have more than one web property to test.

for j in $(cat domains.txt); do for i in {1..20}; do curl -sI -X OPTIONS "https://www.$j/" | grep -i "allow:"; done > "optionsbleed-https-www.$j.out"; done

This will run through the list of domains in the file domains.txt, sending an OPTIONS request to each one 20 times and keeping the Allow header from each response, which should be sufficient to trigger the memory leak on a sufficiently busy server. The output is saved to a file whose name reflects the domain and whether the test was http or https.

For thoroughness, you may want to run this several times, with http instead of https, and without www, as the vulnerability may depend on how the server handles different ways of accessing the content.
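
To triage the resulting .out files, the following added example (not part of the original post or The Fuzzing Project's write-up) flags Allow headers that are not a plain comma-separated list of method names. The function names, the "suspect" criterion and the sample lines are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: triage the Allow headers saved by the loop above.
# Assumption: a healthy Allow header is a comma-separated list of method
# tokens made of A-Z and "-". Empty entries or any other characters are
# treated as possible leaked memory and flagged for a manual look.

# classify_allow LINE -> prints "clean" or "suspect"
classify_allow() {
    # Drop the CR that curl keeps, the header name, and padding around commas.
    value=$(printf '%s\n' "$1" | tr -d '\r' |
        sed -e 's/^[Aa][Ll][Ll][Oo][Ww]:[[:space:]]*//' \
            -e 's/[[:space:]]*$//' \
            -e 's/[[:space:]]*,[[:space:]]*/,/g')
    if printf '%s\n' "$value" | LC_ALL=C grep -Eq '^[A-Z-]+(,[A-Z-]+)*$'; then
        echo clean
    else
        echo suspect
    fi
}

# scan_outputs FILE... -> prints "FILE: header" for every suspect line
scan_outputs() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        while IFS= read -r line || [ -n "$line" ]; do
            [ -n "$line" ] || continue
            if [ "$(classify_allow "$line")" = suspect ]; then
                printf '%s: %s\n' "$f" "$(printf '%s' "$line" | tr -d '\r')"
            fi
        done < "$f"
    done
}

if [ "$#" -gt 0 ]; then
    scan_outputs "$@"        # e.g. sh triage.sh optionsbleed-*.out
else
    # Constructed sample lines (not real scan output).
    classify_allow 'Allow: GET,HEAD,POST,OPTIONS'
    classify_allow 'Allow: POST,OPTIONS,,HEAD,:09:44 GMT'
fi
```

A "suspect" result only means the header deviates from the expected shape; servers that advertise custom method names will need the pattern widened.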
