Common Vulnerabilities and Exposures


CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability

Description:

The exploit works by spraying an IIS server with several large HTTP GET requests and then finishing with a malformed HTTP request.

Mitigation:

Windows Server 2019 and Windows 10 version 1809 are not vulnerable by default. These systems are vulnerable only if HTTP Trailer Support has been enabled via the EnableTrailerSupport registry value.

This mitigation applies only to Windows Server 2019 and Windows 10 version 1809; it does not apply to Windows 10 version 20H2 and newer.
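One way to check a host against the condition above, as an added example that is not part of the original advisory. The function name and the `ParametersKeyPath` parameter are hypothetical; the page does not give the registry key path, so it is passed in as a placeholder, and treating any non-zero value as "enabled" is an assumption.

```powershell
# Added example, not from the original advisory.
function Test-HttpTrailerSupport {
    [CmdletBinding()]
    param(
        # Registry key that holds EnableTrailerSupport. Placeholder: the page does
        # not give the key path, so take it from the vendor advisory.
        [Parameter(Mandatory)]
        [string]$ParametersKeyPath,

        # OS build to evaluate; defaults to the local machine.
        [int]$Build = [System.Environment]::OSVersion.Version.Build
    )

    # Build 17763 is Windows 10 version 1809 and Windows Server 2019, the only
    # releases the registry mitigation covers.
    $mitigationApplies = ($Build -eq 17763)

    # Read the value without throwing when the key or the value is absent.
    $value = $null
    $item = Get-ItemProperty -Path $ParametersKeyPath -Name 'EnableTrailerSupport' -ErrorAction SilentlyContinue
    if ($null -ne $item) { $value = $item.EnableTrailerSupport }

    # Assumption: any non-zero value means trailer support is enabled.
    $enabled = ($null -ne $value) -and ([int64]$value -ne 0)

    $status = if (-not $mitigationApplies) {
        'Registry mitigation does not apply to this build'
    } elseif ($enabled) {
        'EnableTrailerSupport is set: host is not in the not-vulnerable-by-default state'
    } else {
        'EnableTrailerSupport is absent or 0: not vulnerable by default'
    }

    [pscustomobject]@{
        Build                = $Build
        MitigationApplies    = $mitigationApplies
        EnableTrailerSupport = $value
        Status               = $status
    }
}

# Usage (placeholder path, replace before running):
# Test-HttpTrailerSupport -ParametersKeyPath 'HKLM:\<KEY-PATH-FROM-VENDOR-ADVISORY>'
```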
