CVE-2022-21907 PoC — HTTP Protocol Stack Remote Code Execution Vulnerability

Source

https://github.com/gpiechnik2/nmap-CVE-2022-21907

Associated Vulnerability

Title:HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2022-21907)
Description:HTTP Protocol Stack Remote Code Execution Vulnerability

Description

Repository containing nse script for vulnerability CVE-2022-21907. It is a component (IIS) vulnerability on Windows. It allows remote code execution. The vulnerability affects the kernel module http. sys, which handles most basic IIS operations.

Readme

# nmap-CVE-2022-21907
Repository containing nse script for vulnerability CVE-2022-21907. It is a component (IIS) vulnerability on Windows. It allows remote code execution. The vulnerability affects the kernel module http.sys, which handles most basic IIS operations. After uploading the payload, the server should stop working (DoS).

## Usage
```
┌──(kali㉿kali)-[~/nmap-CVE-2022-21907]
└─$ nmap <target> --script=./nmap-CVE-2022-21907.nse
(...)
PORT     STATE SERVICE    REASON  VERSION
8080/tcp open  http-proxy syn-ack
| nmap-CVE-2022-21907: 
|   VULNERABLE:
|   CVE-2022-21907 - DOS
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2022-21907
|     References:
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21907
```

## License
Same as Nmap. See https://nmap.org/book/man-legal.html

File Snapshot


 [4.0K]  /data/pocs/22224350421bd7c199f47170f01b92b10ecd67af
├── [2.5K]  nmap-CVE-2022-21907.nse
└── [ 820]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!