← Zuruck zu CVEs
CVE-2015-1635
CRITICALCISA KEV9.8
Beschreibung
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht4/14/2015
Zuletzt geandert4/22/2026
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerMicrosoft
ProduktHTTP.sys
SchwachstellennameMicrosoft HTTP.sys Remote Code Execution Vulnerability
KEV Aufnahmedatum2022-02-10
Behebungsfrist2022-08-10
Ransomware-NutzungUnknown
Betroffene Produkte
microsoft:windows_7microsoft:windows_8microsoft:windows_8.1microsoft:windows_server_2008microsoft:windows_server_2012
Schwachen (CWE)
CWE-94CWE-94
Referenzen
http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html(secure@microsoft.com)
http://www.osvdb.org/120629(secure@microsoft.com)
http://www.securityfocus.com/bid/74013(secure@microsoft.com)
http://www.securitytracker.com/id/1032109(secure@microsoft.com)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034(secure@microsoft.com)
https://www.exploit-db.com/exploits/36773/(secure@microsoft.com)
https://www.exploit-db.com/exploits/36776/(secure@microsoft.com)
http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/120629(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/74013(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1032109(af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/36773/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/36776/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1635(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.