Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-21449 PoC — Oracle Java SE 输入验证错误漏洞

Source
https://github.com/thack1/CVE-2022-21449
Associated Vulnerability
Title:Oracle Java SE 输入验证错误漏洞 (CVE-2022-21449)
Description:Oracle Java SE是美国甲骨文(Oracle)公司的一款用于开发和部署桌面、服务器以及嵌入设备和实时环境中的Java应用程序。 Oracle Java SE 中存在输入验证错误漏洞,该漏洞允许未经身份验证的攻击者通过多种协议进行网络访问,从而破坏 Oracle Java SE、Oracle GraalVM 企业版。成功攻击此漏洞可能导致对关键数据或所有 Oracle Java SE、Oracle GraalVM 企业版可访问数据的未经授权的创建、删除或修改访问。
Description
Zeek script to detect exploitation attempts of CVE-2022-21449 targeting TLS clients
Readme
# CVE-2022-21449
Zeek script to detect exploitation attempts of CVE-2022-21449 targeting TLS clients. Only works for TLS 1.2 and below.

## Install

`zkg install https://github.com/thack1/CVE-2022-21449`

## Run

Run against supplied pcap file:

`$ zeek -Cr pcaps/CVE-2022-21449.pcap CVE-2022-21449`

## Example Notices
```
#separator \x09
#set_separator  ,
#empty_field    (empty)
#unset_field    -
#path   notice
#open   2022-04-24-13-05-55
#fields ts      uid     id.orig_h       id.orig_p       id.resp_h       id.resp_p       fuid    file_mime_type  file_desc       proto   note    msg     sub     src     dst     p       n       peer_descr      actions email_dest      suppress_for    remote_location.country_code    remote_location.region  remote_location.city  remote_location.latitude        remote_location.longitude
#types  time    string  addr    port    addr    port    string  string  string  enum    enum    string  string  addr    addr    port    count   string  set[enum]       set[string]     interval        string  string  string  double  double
1650798355.280690       CrR9204TYgm1nkpJG1      192.168.125.154 59592   192.168.125.167 443     -       -       -       tcp     CVE_2022_21449::Null_Signature  Null server signature; potential CVE-2022-21449 exploit attempt -       192.168.125.154 192.168.125.167 443     -       -       Notice::ACTION_LOG      (empty)       3600.000000     -       -       -       -       -
#close  2022-04-24-13-14-45
```

## References
1. https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/
1. https://github.com/khalednassar/CVE-2022-21449-TLS-PoC
File Snapshot

 [4.0K]  /data/pocs/84e6b6e05ff06eb7b1eeb798bd3d74683eb5ef19
├── [4.0K]  pcaps
│   ├── [ 12K]  CVE-2022-21449.pcap
│   ├── [ 11K]  CVE-2022-21449-rn.pcap
│   ├── [ 11K]  CVE-2022-21449-rsn.pcap
│   └── [ 11K]  CVE-2022-21449-sn.pcap
├── [1.6K]  README.md
├── [4.0K]  scripts
│   ├── [2.8K]  CVE_2022_21449.zeek
│   └── [  28]  __load__.zeek
└── [  31]  zkg.meta

2 directories, 8 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.