GithubHelp home page GithubHelp logo

cve-2022-21907's Introduction

CVE-2022-21907

Description

  • POC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability.
  • create by antx at 2022-01-17.

Detail

  • HTTP Protocol Stack Remote Code Execution Vulnerability.
  • Similar to CVE-2021-31166.
  • This problem exists, from last year which is reported on CVE-2021-31166, and still there.

CVE Severity

  • attackComplexity: LOW
  • attackVector: NETWORK
  • availabilityImpact: HIGH
  • confidentialityImpact: HIGH
  • integrityImpact: HIGH
  • privilegesRequired: NONE
  • scope: UNCHANGED
  • userInteraction: NONE
  • version: 3.1
  • baseScore: 9.8
  • baseSeverity: CRITICAL

Affect

  • Windows
    • 10 Version 1809 for 32-bit Systems
    • 10 Version 1809 for x64-based Systems
    • 10 Version 1809 for ARM64-based Systems
    • 10 Version 21H1 for 32-bit Systems
    • 10 Version 21H1 for x64-based System
    • 10 Version 21H1 for ARM64-based Systems
    • 10 Version 20H2 for 32-bit Systems
    • 10 Version 20H2 for x64-based Systems
    • 10 Version 20H2 for ARM64-based Systems
    • 10 Version 21H2 for 32-bit Systems
    • 10 Version 21H2 for x64-based Systems
    • 10 Version 21H2 for ARM64-based Systems
    • 11 for x64-based Systems
    • 11 for ARM64-based Systems
  • Windows Server
    • 2019
    • 2019 (Core installation)
    • 2022
    • 2022 (Server Core installation)
    • version 20H2 (Server Core Installation)

POC

Mitigations

  • Windows Server 2019 and Windows 10 version 1809 are not vulnerable by default. Unless you have enabled the HTTP Trailer Support via EnableTrailerSupport registry value, the systems are not vulnerable.
  • Delete the DWORD registry value “EnableTrailerSupport” if present under: 
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
  • This mitigation only applies to Windows Server 2019 and Windows 10, version 1809 and does not apply to the Windows 20H2 and newer.

FAQ

  • How could an attacker exploit this vulnerability?
    • In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets.
  • Is this wormable?
    • Yes. Microsoft recommends prioritizing the patching of affected servers.
  • Windows 10, Version 1909 is not in the Security Updates table. Is it affected by this vulnerability?
    • No, the vulnerable code does not exist in Windows 10, version 1909. It is not affected by this vulnerability.
  • Is the EnableTrailerSupport registry key present in any other platform than Windows Server 2019 and Windows 10, version 1809?
    • No, the registry key is only present in Windows Server 2019 and Windows 10, version 1809

Reference

cve-2022-21907's People

Contributors

antx-code avatar rafaelsetragni avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

dummykitty lzb960827 atlassion tmp63498 mrkoot dor0n jaky5155 qianniaoge arryboom bb33bb 3m1za4 neurocinetics jackrichardzon fate333 yougar0 waltlin crackercat k4k4 zicreamz avaudioplayer sec-fork yida223 systemk1t smallbluefox rainser zhb-web hackeyes scriptidiot prahs knooow killvxk cybermonitor goowen korallin zha0 dingxiao77 int2ecall tiaotiao97 developer191 dk47os3r jsdryan yuanshu1997 ashr msr00t kenuosec jimba86 jeromeyoung alimp5 nanaao zhouzu mfadzilr bendtheory timb-machine-mirrors ykankaya vcanev fantomtime idkwim n0-traces duckwed bahadirtmzr shen771 cosmin-bianu rafaelsetragni trashpandasec dutchcyberguy deadnumbers wrathfuldiety ltvthang lenz913 iuriimattos2 ap1e zzhsec ohio813 mostwantedduck chosenonehacks s41n1k geekonlinecode empty2081 freewhiteeagle dev0x41 heavenqaq thecryinggame veloideu afwu mehrdad-shokri gabyavra molowoxyz darknesschieftain mochizuki3310 errorlevelz zigmud 30579096 khsidussdfss johnnyconstantin

cve-2022-21907's Issues

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.