CVE-2022-23317 An HTTP(S) listener does not check if a request URL begins with "/", and attackers can get information by specifying it.

The attacker can exploit this information to determine the target of the vulnerable application. An attacker can send malicious requests to the application with a valid host header. The request URL will be relevant information to determine the target of the attack.

CVE-2017-7404 Cobalt Strike 5.0 and below has an HTTP(S) listener type that does not check whether the request URL begins with "/".

CVE-2017-7403 In Cobalt Strike 5.0 and below, the HTTP listener does not detect requests that specify the URL.

CVE-2017-7402 In Cobalt Strike 5.0 and below, the HTTP listener does not detect requests with a host header.

CVE-2017-7401 In Cobalt Strike 5.0 and below, the HTTP listener does not detect requests with a host header.

CVE-2017-7400 In Cobalt Strike 5.0 and below, the HTTP listener does not detect requests with a host header.

CVE-2017-7299 In Cobalt Strike 5.0 and below, the HTTP listener does not detect requests with a host header.

CVE-2017-7298 In Cobalt Strike 5.0 and below, the HTTP listener does not detect requests with a host header.

CVE-2017-7297 In Cobalt Strike 5.0 and below, the HTTP listener does not detect requests with a host header.

CVE-2017

Summary

In Cobalt Strike 5.0 and below, the HTTP listener does not detect requests with a host header.
