Skip to content
/ CVE-2022-21907 Public

HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2022-21907

License

MIT license
361 stars 98 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ZZ-SOCMAP/CVE-2022-21907

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
.gitignore
.gitignore
 
 
CVE-2022-21907.py
CVE-2022-21907.py
 
 
LICENSE
LICENSE
 
 
README.org
README.org
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

CVE-2022-21907

Description

  • POC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability.
  • create by antx at 2022-01-17.

Detail

  • HTTP Protocol Stack Remote Code Execution Vulnerability.
  • Similar to CVE-2021-31166.
  • This problem exists, from last year which is reported on CVE-2021-31166, and still there.

CVE Severity

  • attackComplexity: LOW
  • attackVector: NETWORK
  • availabilityImpact: HIGH
  • confidentialityImpact: HIGH
  • integrityImpact: HIGH
  • privilegesRequired: NONE
  • scope: UNCHANGED
  • userInteraction: NONE
  • version: 3.1
  • baseScore: 9.8
  • baseSeverity: CRITICAL

Affect

  • Windows
    • 10 Version 1809 for 32-bit Systems
    • 10 Version 1809 for x64-based Systems
    • 10 Version 1809 for ARM64-based Systems
    • 10 Version 21H1 for 32-bit Systems
    • 10 Version 21H1 for x64-based System
    • 10 Version 21H1 for ARM64-based Systems
    • 10 Version 20H2 for 32-bit Systems
    • 10 Version 20H2 for x64-based Systems
    • 10 Version 20H2 for ARM64-based Systems
    • 10 Version 21H2 for 32-bit Systems
    • 10 Version 21H2 for x64-based Systems
    • 10 Version 21H2 for ARM64-based Systems
    • 11 for x64-based Systems
    • 11 for ARM64-based Systems
  • Windows Server
    • 2019
    • 2019 (Core installation)
    • 2022
    • 2022 (Server Core installation)
    • version 20H2 (Server Core Installation)

POC

Mitigations

  • Windows Server 2019 and Windows 10 version 1809 are not vulnerable by default. Unless you have enabled the HTTP Trailer Support via EnableTrailerSupport registry value, the systems are not vulnerable.
  • Delete the DWORD registry value “EnableTrailerSupport” if present under: 
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
  • This mitigation only applies to Windows Server 2019 and Windows 10, version 1809 and does not apply to the Windows 20H2 and newer.

FAQ

  • How could an attacker exploit this vulnerability?
    • In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets.
  • Is this wormable?
    • Yes. Microsoft recommends prioritizing the patching of affected servers.
  • Windows 10, Version 1909 is not in the Security Updates table. Is it affected by this vulnerability?
    • No, the vulnerable code does not exist in Windows 10, version 1909. It is not affected by this vulnerability.
  • Is the EnableTrailerSupport registry key present in any other platform than Windows Server 2019 and Windows 10, version 1809?
    • No, the registry key is only present in Windows Server 2019 and Windows 10, version 1809

Reference

About

HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2022-21907

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

361 stars

Watchers

10 watching

Forks

98 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages