← Voltar para CVEs
CVE-2015-1635
CRITICALCISA KEV9.8
Descricao
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado4/14/2015
Ultima modificacao4/22/2026
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorMicrosoft
ProdutoHTTP.sys
Nome da vulnerabilidadeMicrosoft HTTP.sys Remote Code Execution Vulnerability
Data inclusao KEV2022-02-10
Prazo de remediacao2022-08-10
Uso em ransomwareUnknown
Produtos afetados
microsoft:windows_7microsoft:windows_8microsoft:windows_8.1microsoft:windows_server_2008microsoft:windows_server_2012
Fraquezas (CWE)
CWE-94CWE-94
Referencias
http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html(secure@microsoft.com)
http://www.osvdb.org/120629(secure@microsoft.com)
http://www.securityfocus.com/bid/74013(secure@microsoft.com)
http://www.securitytracker.com/id/1032109(secure@microsoft.com)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034(secure@microsoft.com)
https://www.exploit-db.com/exploits/36773/(secure@microsoft.com)
https://www.exploit-db.com/exploits/36776/(secure@microsoft.com)
http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/120629(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/74013(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1032109(af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/36773/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/36776/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1635(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.