Built off the open source project Osquery
Description: This query checks if the registry value (EnableTrailerSupport) is set or not. If this value is set, it is most likely the asset is vulnerable to this critical vulnerability CVE-2022-21907
Ref: https://isc.sans.edu/diary/rss/28234
SELECT
CASE
WHEN EXISTS (SELECT *
FROM registry
WHERE key = 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters' AND name = 'EnableTrailerSupport')
THEN 'VULNERABLE'
ELSE 'NOT_VULNERABLE'
END 'CVE-2022-21907_status';
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.