AI Score: 7.8 High (Confidence: Low)
CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.975 High (Percentile: 100.0%)
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
id: CVE-2015-1635

info:
  name: Microsoft Windows 'HTTP.sys' - Remote Code Execution
  author: Phillipo
  severity: critical
  description: |
    HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
  reference:
    - https://www.exploit-db.com/exploits/36773
    - https://www.securitysift.com/an-analysis-of-ms15-034/
    - https://nvd.nist.gov/vuln/detail/CVE-2015-1635
    - http://www.securitytracker.com/id/1032109
    - https://github.com/b1gbroth3r/shoMe
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
    cvss-score: 10
    cve-id: CVE-2015-1635
    cwe-id: CWE-94
    epss-score: 0.97537
    epss-percentile: 0.99992
    cpe: cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: microsoft
    product: windows_7
    shodan-query: '"Microsoft-IIS" "2015"'
  tags: cve,cve2015,kev,microsoft,iis,rce

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    headers:
      Range: "bytes=0-18446744073709551615"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "HTTP Error 416"
          - "The requested range is not satisfiable"
        condition: and

      - type: word
        part: header
        words:
          - "Microsoft"
# digest: 4a0a00473045022100a635f022b45e7a586ad5e4a4564a246654390e2469d4729272954c932b441eab02204e4776dc6153c0fcae6eaca611da6998b1e8e23d7bef84872c029f267912cd1b:922c64590222798bb761d5b6d8e72950