/nmap-CVE-2022-21907

Repository containing nse script for vulnerability CVE-2022-21907. It is a component (IIS) vulnerability on Windows. It allows remote code execution. The vulnerability affects the kernel module http. sys, which handles most basic IIS operations.

Primary LanguageLua

nmap-CVE-2022-21907

Repository containing nse script for vulnerability CVE-2022-21907. It is a component (IIS) vulnerability on Windows. It allows remote code execution. The vulnerability affects the kernel module http.sys, which handles most basic IIS operations. After uploading the payload, the server should stop working (DoS).

Usage

┌──(kali㉿kali)-[~/nmap-CVE-2022-21907]
└─$ nmap <target> --script=./nmap-CVE-2022-21907.nse
(...)
PORT     STATE SERVICE    REASON  VERSION
8080/tcp open  http-proxy syn-ack
| nmap-CVE-2022-21907: 
|   VULNERABLE:
|   CVE-2022-21907 - DOS
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2022-21907
|     References:
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21907

License

Same as Nmap. See https://nmap.org/book/man-legal.html