[FALSE-POSITIVE] CVE-2022-42475 template flags vulnerable when connection is dropped by firewall #14988

@0xSayDoo

Description

Template IDs or paths

code/cves/2022/CVE-2022-42475.yaml

Environment

- OS: Linux and Windows
- Nuclei: v3.4.10
- Go: go1.25.1

Steps To Reproduce

  1. Run the template against a target protected by a firewall/IPS/WAF that intentionally drops / tears down the connection when it detects the probe (without confirming the CVE condition).
  2. Example command (redacted target):

nuclei -t code/cves/2022/CVE-2022-42475.yaml -u https://REDACTED -debug-resp

  3. Observe that the scan reports the target as vulnerable when the TCP/TLS connection is dropped.

Relevant dumped responses

A connection drop alone should not be treated as a positive indicator of vulnerability, because many security devices intentionally cut the connection for suspicious payloads.

Anything else?

This produces frequent false positives across targets that have active defenses (firewall/IPS/WAF) configured to terminate connections on suspicious requests.
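An added example, written for this page and not taken from the template or the reporter, showing the distinction the report asks for: a constructed loopback target that stands in for a host behind an inline IPS (it answers benign requests and silently drops any connection carrying a hypothetical marker), a check that treats any drop as "vulnerable", and a hardened check that treats a drop as inconclusive unless the reply carries positive evidence. The marker, the evidence string and the simulated server are assumptions, not the CVE payload or the template's matcher.

```python
import socket
import threading

# Constructed stand-in for a target behind an inline IPS: it answers benign
# requests but closes, without replying, any connection carrying a marker it
# considers suspicious. The marker is hypothetical, not the CVE probe.
SUSPICIOUS_MARKER = b"X-Probe: 1"
OK_REPLY = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"
BENIGN = b"GET / HTTP/1.1\r\nHost: t\r\n\r\n"


def start_guarded_target():
    """Start the simulated target on a loopback port; return (host, port)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                data = conn.recv(4096)
                if SUSPICIOUS_MARKER not in data:
                    conn.sendall(OK_REPLY)
                # else: fall through and close, like an IPS/WAF teardown

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()


def send_and_read(addr, payload, timeout=2.0):
    """Return the raw reply, or None if the peer dropped the connection."""
    try:
        with socket.create_connection(addr, timeout=timeout) as s:
            s.sendall(payload)
            data = s.recv(4096)
    except OSError:          # reset, refused or timeout
        return None
    return data or None      # empty read: the peer closed before answering


def verdict_drop_means_vuln(addr, probe):
    """The flawed logic the issue describes: no reply => 'vulnerable'."""
    return "vulnerable" if send_and_read(addr, probe) is None else "not-vulnerable"


def verdict_requires_evidence(addr, probe, evidence):
    """Hardened logic: a drop is inconclusive; only positive evidence counts."""
    baseline = send_and_read(addr, BENIGN)   # does benign traffic get through?
    reply = send_and_read(addr, probe)
    if reply is None:
        return "inconclusive" if baseline is not None else "unreachable"
    return "vulnerable" if evidence in reply else "not-vulnerable"
```

Against the simulated target the flawed check reports "vulnerable" purely because the IPS dropped the probe, while the hardened check reports "inconclusive" and leaves confirmation to a positive indicator.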

Metadata

Labels

false-positive (Nuclei template reporting invalid/unexpected result)
