CobaltStrike up to 4.5 HTTPS listener information disclosure



A vulnerability classified as problematic was found in CobaltStrike up to 4.5. It affects an unknown function of the HTTPS Listener component. Manipulation with an unknown input leads to an information disclosure vulnerability. CWE classifies the issue as CWE-200. It has an impact on confidentiality. CVE summarizes:


The weakness was published on 02/15/2022. The advisory is shared for download at This vulnerability has been tracked as CVE-2022-23317 since 01/18/2022. Exploitability is reported to be easy. The attack can be launched remotely. Successful exploitation requires authentication. Neither technical details nor an exploit are publicly available.

No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.

CobaltStrike’s HTTP(S) listener does not verify that the request URL begins with “/”, and attackers can obtain relevant information by specifying such a URL.


GET stager HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0
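
An added example, not from the original article or the CobaltStrike project: a request-line check that a reverse proxy or log filter in front of a listener could apply, accepting only the request-target forms defined in RFC 9112 and rejecting a request like the one shown above. The function names and sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Request line: method SP request-target SP HTTP-version (RFC 9112, section 3)
REQUEST_LINE = re.compile(r"^([!#$%&'*+.^_`|~0-9A-Za-z-]+) (\S+) HTTP/(\d)\.(\d)$")

def classify_target(method, target):
    """Return the RFC 9112 request-target form, or None if it matches none."""
    if target.startswith("/"):
        return "origin-form"
    if target == "*":
        return "asterisk-form" if method == "OPTIONS" else None
    if method == "CONNECT":
        host, sep, port = target.rpartition(":")
        return "authority-form" if sep and host and port.isdigit() else None
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. an unbalanced IPv6 literal
        return None
    if parts.scheme in ("http", "https") and parts.netloc:
        return "absolute-form"
    return None

def check_request_line(line):
    """Return (ok, reason) for one raw HTTP request line."""
    m = REQUEST_LINE.match(line.rstrip("\r\n"))
    if not m:
        return False, "malformed request line"
    method, target = m.group(1), m.group(2)
    form = classify_target(method, target)
    if form is None:
        return False, "request-target %r matches no valid form" % target
    return True, form

# Constructed sample request lines; the second mirrors the request shown above.
SAMPLES = [
    "GET /index.html HTTP/1.1",
    "GET stager HTTP/1.1",
    "OPTIONS * HTTP/1.1",
    "CONNECT example.com:443 HTTP/1.1",
    "GET http://example.com/a HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        ok, reason = check_request_line(line)
        print("%-40s %s (%s)" % (line, "accept" if ok else "reject", reason))
```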

Testing process







Affected versions

CobaltStrike <= 4.5

Article author: DongHuangT1