CVE-2022-21907
Description
HTTP Protocol Stack Remote Code Execution Vulnerability
- CVSS Version 3.1
- CVSS Version 2.0
CVE ID: CVE-2022-21907
Base Score: 9.8
Base Severity: CRITICAL
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9
CVE ID: CVE-2022-21907
Base Score: 9.8
Base Severity: CRITICAL
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE ID: CVE-2022-21907
Base Score: 10.0
Base Severity: HIGH
Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
Proof Of Concept
corelight
cve-2022-21907
Reference: GitHub
mauricelambert
CVE-2022-21907: detection, protection, exploitation and demonstration. Exploitation: PowerShell, Python, Ruby, Nmap and Metasploit. Detection and protection: PowerShell. Demonstration: YouTube.
Reference: GitHub
ZZ-SOCMAP
HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2022-21907
Reference: GitHub
xiska62314
CVE-2022-21907
Reference: GitHub
p0dalirius
Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers
Reference: GitHub
michelep
CVE-2022-21907 Vulnerability PoC
Reference: GitHub
polakow
A REAL DoS exploit for CVE-2022-21907
Reference: GitHub
gpiechnik2
Repository containing NSE script for vulnerability CVE-2022-21907. It is a component (IIS) vulnerability on Windows. It allows remote code execution. The vulnerability affects the kernel module http.sys, which handles most basic IIS operations.
Reference: GitHub
iveresk
An unauthenticated attacker can send an HTTP request with an "Accept-Encoding" HTTP request header triggering a double free in the unknown coding-list inside the HTTP Protocol Stack (http.sys) to process packets, resulting in a kernel crash.
Reference: GitHub
iveresk
Multithread Golang application
Reference: GitHub
Malwareman007
POC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability.
Reference: GitHub
0xmaximus
PoC for CVE-2021-31166 and CVE-2022-21907
Reference: GitHub
cassie0206
2022 Spring Prof. 謝續平
Reference: GitHub
EzoomE
CVE-2022-21907 vulnerability RCE PoC
Reference: GitHub
asepsaepdin
Reference: GitHub
kamal-marouane
Vulnerability in HTTP Protocol Stack Enabling Remote Code Execution and Potential System Crash.
Reference: GitHub