# CVE-2026-23918 - Apache httpd mod_http2 double-free, pre-auth RCE
#
# Found and reported by:
#   Bartlomiej Dmitruk (striga.ai)
#   Stanislaw Strzalkowski (isec.pl)

# Base image pinned to one exact httpd release so the environment is
# reproducible. Presumably this is a release affected by the CVE named in the
# header - confirm against the vendor advisory. A tag can be re-pushed
# upstream; add a digest (httpd:2.4.66@sha256:<digest>) to freeze the lab.
FROM httpd:2.4.66

# Extra tooling on top of the stock image; none of it is needed to serve
# traffic:
#   binutils  - ELF/symbol inspection utilities
#   gdbserver - remote debugging of the httpd processes
#   openssl   - generates the self-signed certificate in a later step
#   procps    - ps and related process utilities
#   python3   - interpreter for the getaddr.py helper copied below
# The apt index is deleted in the same layer so it never reaches the image.
# NOTE(review): --no-install-recommends would shrink the image; confirm first
# that getaddr.py relies on none of the recommended packages.
RUN apt-get update && \
    apt-get install -y \
        binutils \
        gdbserver \
        openssl \
        procps \
        python3 && \
    rm -rf /var/lib/apt/lists/*

# Helper script placed at the filesystem root. Its contents are not part of
# this file, so what it does has to be reviewed separately.
COPY getaddr.py /getaddr.py

# Throwaway TLS material for the :443 listener: a self-signed RSA-2048
# certificate for CN=localhost, valid for 365 days from the moment the image is
# built. -nodes leaves the private key unencrypted, and because this runs at
# build time the key is stored in an image layer - every container started from
# the image shares it, and anyone who can pull the image can read it.
# openssl's stderr is discarded; a failure still aborts the build, but without
# a diagnostic message.
RUN ssl_dir=/usr/local/apache2/ssl && \
    mkdir -p "$ssl_dir" && \
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=localhost" \
        -keyout "$ssl_dir/server.key" \
        -out "$ssl_dir/server.crt" 2>/dev/null

# Writes a minimal httpd.conf that replaces the one shipped in the base image.
# printf emits one config line per argument, so the result does not depend on
# how the shell's echo treats backslash escapes. Comment lines inside this
# continued instruction are dropped by the Dockerfile parser before the shell
# runs, so they do not end up in the generated file.
RUN printf '%s\n' \
    'ServerRoot "/usr/local/apache2"' \
    # Cleartext listener on 80, TLS listener on 443 (see the VirtualHost below).
    'Listen 80' \
    'Listen 443' \
    # Only the modules this config needs; mod_http2 is the component named in
    # the file header. mod_status is loaded, but no server-status handler is
    # configured anywhere in this file.
    'LoadModule mpm_event_module modules/mod_mpm_event.so' \
    'LoadModule http2_module modules/mod_http2.so' \
    'LoadModule ssl_module modules/mod_ssl.so' \
    'LoadModule socache_shmcb_module modules/mod_socache_shmcb.so' \
    'LoadModule unixd_module modules/mod_unixd.so' \
    'LoadModule authz_core_module modules/mod_authz_core.so' \
    'LoadModule log_config_module modules/mod_log_config.so' \
    'LoadModule mime_module modules/mod_mime.so' \
    'LoadModule dir_module modules/mod_dir.so' \
    'LoadModule status_module modules/mod_status.so' \
    # Child processes run as the unprivileged www-data account.
    'User www-data' \
    'Group www-data' \
    'ServerName localhost' \
    # HTTP/2 is offered both over TLS (h2) and in cleartext (h2c), so mod_http2
    # handles connections on both listeners. H2Direct lets a client start
    # HTTP/2 immediately instead of upgrading from HTTP/1.1.
    'Protocols h2 h2c http/1.1' \
    'H2Direct on' \
    'H2MaxSessionStreams 100' \
    # The document root is served to everyone; no authentication is configured.
    'DocumentRoot "/usr/local/apache2/htdocs"' \
    '<Directory "/usr/local/apache2/htdocs">' \
    '    Require all granted' \
    '</Directory>' \
    # Errors go to the process's stderr, which the container runtime captures;
    # mod_http2 logs at info level.
    'ErrorLog /proc/self/fd/2' \
    'LogLevel http2:info' \
    # TLS policy: SSLv3 is disabled and MD5/RC4/3DES suites are excluded.
    'SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES' \
    'SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES' \
    'SSLHonorCipherOrder on' \
    'SSLProtocol all -SSLv3' \
    'SSLProxyProtocol all -SSLv3' \
    'SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"' \
    'SSLSessionCacheTimeout 300' \
    # TLS virtual host using the certificate and key generated at build time.
    '<VirtualHost *:443>' \
    '    SSLEngine on' \
    '    SSLCertificateFile /usr/local/apache2/ssl/server.crt' \
    '    SSLCertificateKeyFile /usr/local/apache2/ssl/server.key' \
    '</VirtualHost>' \
    # MPM defaults come from the stock include; ServerLimit then sets an upper
    # bound of 3 on child processes. NOTE(review): the reason for the value 3
    # is not stated in this file.
    'Include conf/extra/httpd-mpm.conf' \
    'ServerLimit 3' \
    # The empty final argument ends the file with one blank line.
    '' \
    > /usr/local/apache2/conf/httpd.conf


# Matches the two Listen ports in the generated httpd.conf. EXPOSE only records
# the ports as image metadata; nothing is reachable from the host until they
# are published at run time. Publishing them on 127.0.0.1 only keeps the lab
# off the host's other interfaces.
EXPOSE 80/tcp
EXPOSE 443/tcp

# httpd-foreground is not defined in this file; it is the launcher provided by
# the base image. Exec form makes it the container's main process.
CMD ["httpd-foreground"]
