Exploit for Vulnerability in Oracle Graalvm CVE-2022-21449

Name: Exploit for Vulnerability in Oracle Graalvm CVE-2022-21449
Rating: 5 (232 reviews)
2022-04-24 | CVSS 5.0
## https://sploitus.com/exploit?id=29679EC9-9C5B-5910-8104-E911791DA3A6
# CVE-2022-21449
Zeek script to detect exploitation attempts of CVE-2022-21449 targeting TLS clients. Only works for TLS 1.2 and below.

## Install

`zkg install https://github.com/thack1/CVE-2022-21449`

## Run

Run against supplied pcap file:

`$ zeek -Cr pcaps/CVE-2022-21449.pcap CVE-2022-21449`

## Example Notices
```
#separator \x09
#set_separator  ,
#empty_field    (empty)
#unset_field    -
#path   notice
#open   2022-04-24-13-05-55
#fields ts      uid     id.orig_h       id.orig_p       id.resp_h       id.resp_p       fuid    file_mime_type  file_desc       proto   note    msg     sub     src     dst     p       n       peer_descr      actions email_dest      suppress_for    remote_location.country_code    remote_location.region  remote_location.city  remote_location.latitude        remote_location.longitude
#types  time    string  addr    port    addr    port    string  string  string  enum    enum    string  string  addr    addr    port    count   string  set[enum]       set[string]     interval        string  string  string  double  double
1650798355.280690       CrR9204TYgm1nkpJG1      192.168.125.154 59592   192.168.125.167 443     -       -       -       tcp     CVE_2022_21449::Null_Signature  Null server signature; potential CVE-2022-21449 exploit attempt -       192.168.125.154 192.168.125.167 443     -       -       Notice::ACTION_LOG      (empty)       3600.000000     -       -       -       -       -
#close  2022-04-24-13-14-45
```

## References
1. https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/
1. https://github.com/khalednassar/CVE-2022-21449-TLS-PoC