Apache Httpd 2.4.18 Exploit Repack

The front-end proxy processes the Transfer-Encoding: chunked header, sees the 0 chunk, and ends the request. But Apache 2.4.18 keeps the socket open and interprets the subsequent GET /admin... as a second request—originating from the victim’s IP, bypassing ACLs.

This vulnerability affects the way Apache handles the LIMIT directive in .htaccess files.

No remote code execution (RCE) was possible. Exploitation required:

The module failed to verify the integrity of encrypted session data before decryption. Because it used CBC (Cipher Block Chaining) mode without authenticated encryption, it was susceptible to a Padding Oracle Attack.