Added CVE-2022-41040 #8595
Conversation
Updated to fix matchers-condition
Edited the matcher condition so it matches on both 404 status code and the presence of "protocol" in the body.
I think the string matcher needs to be more finely grained. e.g.
is a positive match on a lot of servers that absolutely aren't anything to do with Exchange
Updated to include checks for Microsoft Exchange (essentially a copy paste of http/technologies/microsoft/ms-exchange-server.yaml)
I have updated the template to include the checks for Microsoft Exchange (pinched from http/technologies/microsoft/ms-exchange-server.yaml). This should hopefully reduce said false positives. Any further feedback would be amazing :)
Updated matchers to check for "X-Feserver" in header.
Updated the template to check for "X-Feserver" in the response headers. Here are the results of my tests using a vulnerable Exchange server (running Exchange 2016 CU 16) and a patched server (running Exchange 2016 CU 23 with security patch KB5019758).
Hi All,
@PhillipoTF2, The response time to this PR was much longer than usual. In this repository, we strive to include CVEs with complete PoCs, and the shared templates do not confirm SSRF. If you have a vulnerable environment set up, could you confirm whether the following PoCs are working? Ref: https://github.com/kljunowsky/CVE-2022-41040-POC
Sorry for the delay on testing this.
G'day All,
I've been following this PR for a while. When you have some time, @princechaddha, would you be able to review this so we can look to merge? Thanks!
This PR is on hold because the following matchers look weak and can produce false positives. Additionally, they do not confirm any callback, so SSRF is not validated. @PhillipoTF2, can you share a template that confirms SSRF and works on the vulnerable version only? It would also help with validation if you share debug data for both hosts. cc @rxerium
Template / PR Information
I have created a template for CVE-2022-41040, which was added to CISA's KEV on 09/30/2022.
I have not properly validated this template; however, I have high confidence that this will work.
Any feedback is greatly appreciated :)
Template Validation
I've validated this template locally?