fix forcing http/1.0

Ostorlab · Nov 13, 2024 · fdd4729 · fdd4729
1 parent 21b5771
commit fdd4729
Showing 1 changed file with 4 additions and 5 deletions.
diff --git a/agent/exploits/cve_2019_16278.py b/agent/exploits/cve_2019_16278.py
@@ -1,7 +1,6 @@
 """Agent Asteroid implementation for CVE-2019-16278"""
 
 import datetime
-import http.client as http_client
 from urllib import parse as urlparse
 
 import requests
@@ -23,6 +22,7 @@
 @exploits_registry.register
 class CVE201916278Exploit(webexploit.WebExploit):
     accept_request = definitions.Request(method="GET", path="/")
+
     metadata = definitions.VulnerabilityMetadata(
         title=VULNERABILITY_TITLE,
         description=VULNERABILITY_DESCRIPTION,
@@ -76,10 +76,9 @@ def check(self, target: definitions.Target) -> list[definitions.Vulnerability]:
             "User-Agent": "Mozilla/5.0",
         }
 
-        # Force HTTP/1.0 by setting the default version in the HTTPConnection class
-        http_client.HTTPConnection._http_vsn = 10  # type: ignore[attr-defined]
-        http_client.HTTPConnection._http_vsn_str = "HTTP/1.0"  # type: ignore[attr-defined]
-
+        # Force HTTP/1.0
+        self.session._http_vsn = 10
+        self.session._http_vsn_str = "HTTP/1.0"
         try:
             req = requests.Request(
                 method="POST", url=target_endpoint, headers=headers, data=payload