CVE-2022-23317 An HTTP(S) listener does not check whether a request URL begins with "/", and attackers can obtain information by specifying the URL.

The attacker can use this information to determine the target of the vulnerable application. An attacker can send malicious requests to the application with a valid Host header. The request URL then provides information relevant to determining the target of the attack.

CVE-2017-7404 Cobalt Strike 5.0 and below supports an HTTP(S) listener that does not determine whether the request URL begins with "/".

CVE-2017-7403 In Cobalt Strike 5.0 and below, the HTTP listener does not detect requests that specify the URL.

CVE-2017-7402 In Cobalt Strike 5.0 and below, the HTTP listener does not detect requests with a host header.

CVE-2017-7401 In Cobalt Strike 5.0 and below, the HTTP listener does not detect requests with a host header.

CVE-2017-7400 In Cobalt Strike 5.0 and below, the HTTP listener does not detect requests with a host header.

CVE-2017-7299 In Cobalt Strike 5.0 and below, the HTTP listener does not detect requests with a host header.

CVE-2017-7298 In Cobalt Strike 5.0 and below, the HTTP listener does not detect requests with a host header.

CVE-2017-7297 In Cobalt Strike 5.0 and below, the HTTP listener does not detect requests with a host header.

CVE-2017

Summary

In Cobalt Strike 5.0 and below, the HTTP listener does not detect requests with a host header.

Timeline

Published on: 02/15/2022 13:15:00 UTC
Last modified on: 02/23/2022 19:19:00 UTC
