CVE-2021-22017 PoC — Vmware VMware vCenter Server 授权问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-22017.yaml

Associated Vulnerability

Title:Vmware VMware vCenter Server 授权问题漏洞 (CVE-2021-22017)
Description:Vmware VMware vCenter Server是美国威睿（Vmware）公司的一套服务器和虚拟化管理软件。该软件提供了一个用于管理VMware vSphere环境的集中式平台，可自动实施和交付虚拟基础架构。 VMware vCenter Server 存在授权问题漏洞，该漏洞源于对URL规范化存在缺陷。远程攻击者可利用该漏洞发送一个特制的URL，绕过认证并访问内部端点。

Description

Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed.

File Snapshot


 id: CVE-2021-22017

info:
  name: vCenter Server - Improper Access Control
  author: daffainfo
  sev

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!