Add script to discover a IIS vulnerabilty #2447

mauricelambert · 2022-03-05T21:26:57Z

This script detect a IIS vulnerability
CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability
Side effects:
- DOS attack
- Causes a Blue Screen

~# nmap -p 80 --script dos_iis_2022_21907 10.10.10.10
80/tcp open  http
| dos_iis_2022_21907:
|   VULNERABLE:
|   IIS CVE-2022-21907 DOS
|     State: VULNERABLE (Exploitable)
|     IDs:  CVE:CVE-2022-21907
|                   The IIS Web Server contains a RCE vulnerability. This script
|                   exploits this vulnerability with a DOS attack
|                   (causes a Blue Screen).
|
|     Disclosure date: 2022-01-11
|     References:
|       https://nvd.nist.gov/vuln/detail/CVE-2022-21907
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21907
|_      https://github.com/mauricelambert/CVE-2022-21907

Demonstration

- This script detect a IIS vulnerability - CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability - Side effects: - DOS attack - Causes a Blue Screen

Jimmei22 · 2022-07-09T14:19:07Z

#2447 (comment)

Add script to discover a IIS vulnerabilty

4805f32

- This script detect a IIS vulnerability - CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability - Side effects: - DOS attack - Causes a Blue Screen

nmap deleted a comment Apr 11, 2022

Merge branch 'nmap:master' into iis_dos_cve2022_21907

d96a695

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add script to discover a IIS vulnerabilty #2447

Add script to discover a IIS vulnerabilty #2447

mauricelambert commented Mar 5, 2022 •

edited

Loading

Jimmei22 commented Jul 9, 2022

Add script to discover a IIS vulnerabilty #2447

Are you sure you want to change the base?

Add script to discover a IIS vulnerabilty #2447

Conversation

mauricelambert commented Mar 5, 2022 • edited Loading

Demonstration

Jimmei22 commented Jul 9, 2022

mauricelambert commented Mar 5, 2022 •

edited

Loading