cvelistv5 - CVE-2015-1635

CVE-2015-1635 (GCVE-0-2015-1635)

Vulnerability from cvelistv5 – Published: 2015-04-14 20:00 – Updated: 2025-10-22 00:05

CISA

Summary

HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

microsoft

References

URL

Tags

	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	https://www.exploit-db.com/exploits/36773/	exploitx_refsource_EXPLOIT-DB
	http://www.osvdb.org/120629	vdb-entryx_refsource_OSVDB
	http://www.securitytracker.com/id/1032109	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/74013	vdb-entryx_refsource_BID
	https://www.exploit-db.com/exploits/36776/	exploitx_refsource_EXPLOIT-DB
	http://packetstormsecurity.com/files/131463/Micro…	x_refsource_MISC

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2022-02-10

Due date: 2022-08-10

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-1635

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:47:17.498Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MS15-034",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034"
          },
          {
            "name": "36773",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/36773/"
          },
          {
            "name": "120629",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/120629"
          },
          {
            "name": "1032109",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032109"
          },
          {
            "name": "74013",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74013"
          },
          {
            "name": "36776",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/36776/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2015-1635",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-10T21:15:47.143349Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-02-10",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1635"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T00:05:32.590Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1635"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-02-10T00:00:00+00:00",
            "value": "CVE-2015-1635 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka \"HTTP.sys Remote Code Execution Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "MS15-034",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034"
        },
        {
          "name": "36773",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/36773/"
        },
        {
          "name": "120629",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/120629"
        },
        {
          "name": "1032109",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032109"
        },
        {
          "name": "74013",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74013"
        },
        {
          "name": "36776",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/36776/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2015-1635",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka \"HTTP.sys Remote Code Execution Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MS15-034",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034"
            },
            {
              "name": "36773",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/36773/"
            },
            {
              "name": "120629",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/120629"
            },
            {
              "name": "1032109",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032109"
            },
            {
              "name": "74013",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74013"
            },
            {
              "name": "36776",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/36776/"
            },
            {
              "name": "http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2015-1635",
    "datePublished": "2015-04-14T20:00:00.000Z",
    "dateReserved": "2015-02-17T00:00:00.000Z",
    "dateUpdated": "2025-10-22T00:05:32.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2015-1635",
      "cwes": "[\"CWE-94\"]",
      "dateAdded": "2022-02-10",
      "dueDate": "2022-08-10",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2015-1635",
      "product": "HTTP.sys",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft HTTP.sys Remote Code Execution Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2022-08-10",
      "cisaExploitAdd": "2022-02-10",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "Microsoft HTTP.sys Remote Code Execution Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D229E41-A971-4284-9657-16D78414B93F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*\", \"matchCriteriaId\": \"B320A104-9037-487E-BC9A-62B4A6B49FD0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\", \"matchCriteriaId\": \"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka \\\"HTTP.sys Remote Code Execution Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"HTTP.sys en Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, y Windows Server 2012 Gold y R2 permite a atacantes remotos ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de solicitudes HTTP manipuladas, tambi\\u00e9n conocido como \u0027vulnerabilidad de la ejecuci\\u00f3n de c\\u00f3digo remotos de HTTP.sys.\u0027\"}]",
      "id": "CVE-2015-1635",
      "lastModified": "2024-11-21T02:25:49.760",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-04-14T20:59:01.263",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.osvdb.org/120629\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.securityfocus.com/bid/74013\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1032109\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/36773/\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.exploit-db.com/exploits/36776/\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.osvdb.org/120629\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.securityfocus.com/bid/74013\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1032109\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/36773/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.exploit-db.com/exploits/36776/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Undergoing Analysis",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-1635\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2015-04-14T20:59:01.263\",\"lastModified\":\"2025-10-22T01:16:08.353\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka \\\"HTTP.sys Remote Code Execution Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"HTTP.sys en Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, y Windows Server 2012 Gold y R2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de solicitudes HTTP manipuladas, tambi\u00e9n conocido como \u0027vulnerabilidad de la ejecuci\u00f3n de c\u00f3digo remotos de HTTP.sys.\u0027\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2022-02-10\",\"cisaActionDue\":\"2022-08-10\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Microsoft HTTP.sys Remote Code Execution Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D229E41-A971-4284-9657-16D78414B93F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*\",\"matchCriteriaId\":\"B320A104-9037-487E-BC9A-62B4A6B49FD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.osvdb.org/120629\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/74013\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1032109\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/36773/\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/36776/\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.osvdb.org/120629\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/74013\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1032109\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/36773/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/36776/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1635\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034\", \"name\": \"MS15-034\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\", \"x_transferred\"]}, {\"url\": \"https://www.exploit-db.com/exploits/36773/\", \"name\": \"36773\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"]}, {\"url\": \"http://www.osvdb.org/120629\", \"name\": \"120629\", \"tags\": [\"vdb-entry\", \"x_refsource_OSVDB\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1032109\", \"name\": \"1032109\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/74013\", \"name\": \"74013\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"https://www.exploit-db.com/exploits/36776/\", \"name\": \"36776\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-06T04:47:17.498Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2015-1635\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-10T21:15:47.143349Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-02-10\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1635\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-02-10T00:00:00+00:00\", \"value\": \"CVE-2015-1635 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1635\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-10T21:15:36.400Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2015-04-14T00:00:00.000Z\", \"references\": [{\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034\", \"name\": \"MS15-034\", \"tags\": [\"vendor-advisory\", \"x_refsource_MS\"]}, {\"url\": \"https://www.exploit-db.com/exploits/36773/\", \"name\": \"36773\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"]}, {\"url\": \"http://www.osvdb.org/120629\", \"name\": \"120629\", \"tags\": [\"vdb-entry\", \"x_refsource_OSVDB\"]}, {\"url\": \"http://www.securitytracker.com/id/1032109\", \"name\": \"1032109\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"http://www.securityfocus.com/bid/74013\", \"name\": \"74013\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"https://www.exploit-db.com/exploits/36776/\", \"name\": \"36776\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"]}, {\"url\": \"http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka \\\"HTTP.sys Remote Code Execution Vulnerability.\\\"\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2018-10-12T19:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034\", \"name\": \"MS15-034\", \"refsource\": \"MS\"}, {\"url\": \"https://www.exploit-db.com/exploits/36773/\", \"name\": \"36773\", \"refsource\": \"EXPLOIT-DB\"}, {\"url\": \"http://www.osvdb.org/120629\", \"name\": \"120629\", \"refsource\": \"OSVDB\"}, {\"url\": \"http://www.securitytracker.com/id/1032109\", \"name\": \"1032109\", \"refsource\": \"SECTRACK\"}, {\"url\": \"http://www.securityfocus.com/bid/74013\", \"name\": \"74013\", \"refsource\": \"BID\"}, {\"url\": \"https://www.exploit-db.com/exploits/36776/\", \"name\": \"36776\", \"refsource\": \"EXPLOIT-DB\"}, {\"url\": \"http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html\", \"name\": \"http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka \\\"HTTP.sys Remote Code Execution Vulnerability.\\\"\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2015-1635\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secure@microsoft.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2015-1635\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-22T00:05:32.590Z\", \"dateReserved\": \"2015-02-17T00:00:00.000Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2015-04-14T20:00:00.000Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2015-AVI-152

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Microsoft Windows. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows 8
Microsoft	Windows	Microsoft Windows 7 Service Pack 1
Microsoft	Windows	Microsoft Windows Server 2008 R2 Service Pack 1 édition Itanium
Microsoft	Windows	Microsoft Windows Server 2008 R2 Service Pack 1 édition x64
Microsoft	Windows	Microsoft Windows Server 2012
Microsoft	Windows	Microsoft Windows Server 2012 R2
Microsoft	Windows	Microsoft Windows 8.1

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS15-034 du 14 avril 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows 8",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 7 Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2008 R2 Service Pack 1 \u00e9dition Itanium",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2008 R2 Service Pack 1 \u00e9dition x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2012",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2012 R2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 8.1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-1635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1635"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-152",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eMicrosoft\nWindows\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS15-034 du 14 avril 2015",
      "url": "https://technet.microsoft.com/en-us/library/security/MS15-034"
    }
  ]
}

CERTFR-2015-AVI-152

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Microsoft Windows. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows 8
Microsoft	Windows	Microsoft Windows 7 Service Pack 1
Microsoft	Windows	Microsoft Windows Server 2008 R2 Service Pack 1 édition Itanium
Microsoft	Windows	Microsoft Windows Server 2008 R2 Service Pack 1 édition x64
Microsoft	Windows	Microsoft Windows Server 2012
Microsoft	Windows	Microsoft Windows Server 2012 R2
Microsoft	Windows	Microsoft Windows 8.1

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS15-034 du 14 avril 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows 8",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 7 Service Pack 1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2008 R2 Service Pack 1 \u00e9dition Itanium",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2008 R2 Service Pack 1 \u00e9dition x64",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2012",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2012 R2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 8.1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-1635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1635"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-152",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eMicrosoft\nWindows\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS15-034 du 14 avril 2015",
      "url": "https://technet.microsoft.com/en-us/library/security/MS15-034"
    }
  ]
}

GHSA-P8WC-6G47-VH8J

Vulnerability from github – Published: 2022-05-14 01:02 – Updated: 2025-10-22 03:30

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-1635"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-04-14T20:59:00Z",
    "severity": "HIGH"
  },
  "details": "HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka \"HTTP.sys Remote Code Execution Vulnerability.\"",
  "id": "GHSA-p8wc-6g47-vh8j",
  "modified": "2025-10-22T03:30:42Z",
  "published": "2022-05-14T01:02:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1635"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1635"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/36773"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/36776"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/120629"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/74013"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032109"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2015-1635

Vulnerability from fkie_nvd - Published: 2015-04-14 20:59 - Updated: 2025-10-22 01:16

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secure@microsoft.com	http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html	Exploit, Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.osvdb.org/120629	Broken Link
secure@microsoft.com	http://www.securityfocus.com/bid/74013	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securitytracker.com/id/1032109	Third Party Advisory, VDB Entry
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034	Patch, Vendor Advisory
secure@microsoft.com	https://www.exploit-db.com/exploits/36773/	Exploit, Third Party Advisory, VDB Entry
secure@microsoft.com	https://www.exploit-db.com/exploits/36776/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/120629	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/74013	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032109	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/36773/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/36776/	Exploit, Third Party Advisory, VDB Entry
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1635

Impacted products

Vendor	Product	Version
microsoft	windows_7	-
microsoft	windows_8	-
microsoft	windows_8.1	-
microsoft	windows_server_2008	r2
microsoft	windows_server_2008	r2
microsoft	windows_server_2012	-
microsoft	windows_server_2012	r2

JSON

To clipboard

{
  "cisaActionDue": "2022-08-10",
  "cisaExploitAdd": "2022-02-10",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Microsoft HTTP.sys Remote Code Execution Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D229E41-A971-4284-9657-16D78414B93F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*",
              "matchCriteriaId": "B320A104-9037-487E-BC9A-62B4A6B49FD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
              "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka \"HTTP.sys Remote Code Execution Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "HTTP.sys en Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, y Windows Server 2012 Gold y R2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de solicitudes HTTP manipuladas, tambi\u00e9n conocido como \u0027vulnerabilidad de la ejecuci\u00f3n de c\u00f3digo remotos de HTTP.sys.\u0027"
    }
  ],
  "id": "CVE-2015-1635",
  "lastModified": "2025-10-22T01:16:08.353",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2015-04-14T20:59:01.263",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/120629"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/74013"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032109"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/36773/"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/36776/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/120629"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/74013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032109"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/36773/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/36776/"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1635"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GSD-2015-1635

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-1635

Aliases

CVE-2015-1635

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-1635",
    "description": "HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka \"HTTP.sys Remote Code Execution Vulnerability.\"",
    "id": "GSD-2015-1635",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2015-1635"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-1635"
      ],
      "details": "HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka \"HTTP.sys Remote Code Execution Vulnerability.\"",
      "id": "GSD-2015-1635",
      "modified": "2023-12-13T01:20:05.777161Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2015-1635",
      "dateAdded": "2022-02-10",
      "dueDate": "2022-08-10",
      "product": "HTTP.sys",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability which allows for remote code execution.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft HTTP.sys Remote Code Execution Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2015-1635",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka \"HTTP.sys Remote Code Execution Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "MS15-034",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034"
          },
          {
            "name": "36773",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/36773/"
          },
          {
            "name": "120629",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/120629"
          },
          {
            "name": "1032109",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032109"
          },
          {
            "name": "74013",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/74013"
          },
          {
            "name": "36776",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/36776/"
          },
          {
            "name": "http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2015-1635"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka \"HTTP.sys Remote Code Execution Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1032109",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1032109"
            },
            {
              "name": "36776",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/36776/"
            },
            {
              "name": "36773",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/36773/"
            },
            {
              "name": "74013",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/74013"
            },
            {
              "name": "120629",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.osvdb.org/120629"
            },
            {
              "name": "http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html"
            },
            {
              "name": "MS15-034",
              "refsource": "MS",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-05-14T19:53Z",
      "publishedDate": "2015-04-14T20:59Z"
    }
  }
}

ICSMA-17-215-02

Vulnerability from csaf_cisa - Published: 2017-08-03 00:00 - Updated: 2017-08-03 00:00

Summary

ICSMA-17-215-02_Siemens Molecular Imaging Vulnerabilities

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Exploitability

Exploits that target these vulnerabilities are publicly available.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "other",
        "text": "Exploits that target these vulnerabilities are publicly available.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "CISAservicedesk@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-17-215-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsma-17-215-02.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-17-215-02 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-17-215-02"
      }
    ],
    "title": "ICSMA-17-215-02_Siemens Molecular Imaging Vulnerabilities",
    "tracking": {
      "current_release_date": "2017-08-03T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA USCert CSAF Generator",
          "version": "1"
        }
      },
      "id": "ICSMA-17-215-02",
      "initial_release_date": "2017-08-03T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-08-03T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSMA-17-215-02 Siemens Molecular Imaging Vulnerabilities"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Siemens PET/CT Systems: All Windows 7-based versions",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Siemens PET/CT Systems Windows 7-Based"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Siemens SPECT/CT Systems: All Windows 7-based versions",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "Siemens SPECT/CT Systems Windows 7-Based"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Siemens SPECT Workplaces/Symbia.net: All Windows 7-based versions",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "Siemens SPECT Workplaces/Symbia.net Windows 7-Based"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "Siemens SPECT Systems: All Windows 7-based versions",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "Siemens SPECT Systems Windows 7-Based"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-1635",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An unauthenticated remote attacker could execute arbitrary code by sending specially crafted HTTP requests to the Microsoft web server (Port 80/TCP and Port 443/TCP) of affected devices.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "In addition, Siemens recommends:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ],
      "title": "CVE-2015-1635"
    },
    {
      "cve": "CVE-2015-1497",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An unauthenticated remote attacker could execute arbitrary code by sending a specially crafted request to the HP Client automation service on Port 3465/TCP of affected devices.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "In addition, Siemens recommends:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ],
      "title": "CVE-2015-1497"
    },
    {
      "cve": "CVE-2015-7861",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An unauthenticated remote attacker could execute arbitrary code by sending a specially crafted request to the HP Client automation service of affected devices.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "In addition, Siemens recommends:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ],
      "title": "CVE-2015-7861"
    },
    {
      "cve": "CVE-2015-7860",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An unauthenticated remote attacker could execute arbitrary code by sending a specially crafted request to the HP Client automation service of affected devices.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "In addition, Siemens recommends:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ],
      "title": "CVE-2015-7860"
    }
  ]
}

CNVD-2015-02422

Vulnerability from cnvd - Published: 2015-04-17

Title

Microsoft IIS远程代码执行漏洞

Description

Microsoft IIS(Internet Information Server的缩写)，是微软开发的网页服务器程序。 Microsoft IIS存在远程代码执行漏洞，该漏洞存在于HTTP协议堆栈(HTTP.sys)中，漏洞产生的原因是HTTP.sys未能正确分析经特殊设计的HTTP请求。允许攻击者利用漏洞在系统帐户的上下文中执行任意代码。

Severity

高

Patch Name

Microsoft IIS远程代码执行漏洞的补丁

Patch Description

Formal description

目前微软官方已经给出修复补丁，请广大用户参考如下链接下载修复： https://support.microsoft.com/zh-cn/kb/3042553

Reference

https://technet.microsoft.com/zh-CN/library/security/ms15-034.aspx https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1635

Impacted products

Name
['Microsoft Windows Server 2008 R2 SP1', 'Microsoft Windows 7 SP1', 'Microsoft Windows Server 2012 null', 'Microsoft Windows 8.1', 'Microsoft Windows 8', 'Microsoft Windows Server 2012 R2']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "74013"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-1635"
    }
  },
  "description": "Microsoft IIS(Internet Information Server\u7684\u7f29\u5199)\uff0c\u662f\u5fae\u8f6f\u5f00\u53d1\u7684\u7f51\u9875\u670d\u52a1\u5668\u7a0b\u5e8f\u3002\r\n\r\nMicrosoft IIS\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5b58\u5728\u4e8eHTTP\u534f\u8bae\u5806\u6808(HTTP.sys)\u4e2d\uff0c\u6f0f\u6d1e\u4ea7\u751f\u7684\u539f\u56e0\u662fHTTP.sys\u672a\u80fd\u6b63\u786e\u5206\u6790\u7ecf\u7279\u6b8a\u8bbe\u8ba1\u7684HTTP\u8bf7\u6c42\u3002\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u5728\u7cfb\u7edf\u5e10\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "rhcp011235",
  "formalWay": "\u76ee\u524d\u5fae\u8f6f\u5b98\u65b9\u5df2\u7ecf\u7ed9\u51fa\u4fee\u590d\u8865\u4e01\uff0c\u8bf7\u5e7f\u5927\u7528\u6237\u53c2\u8003\u5982\u4e0b\u94fe\u63a5\u4e0b\u8f7d\u4fee\u590d\uff1a\r\nhttps://support.microsoft.com/zh-cn/kb/3042553",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02422",
  "openTime": "2015-04-17",
  "patchDescription": "Microsoft IIS(Internet Information Server\u7684\u7f29\u5199)\uff0c\u662f\u5fae\u8f6f\u5f00\u53d1\u7684\u7f51\u9875\u670d\u52a1\u5668\u7a0b\u5e8f\u3002\r\nMicrosoft IIS\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5b58\u5728\u4e8eHTTP\u534f\u8bae\u5806\u6808(HTTP.sys)\u4e2d\uff0c\u6f0f\u6d1e\u4ea7\u751f\u7684\u539f\u56e0\u662fHTTP.sys\u672a\u80fd\u6b63\u786e\u5206\u6790\u7ecf\u7279\u6b8a\u8bbe\u8ba1\u7684HTTP\u8bf7\u6c42\u3002\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u5728\u7cfb\u7edf\u5e10\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft IIS\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Windows Server 2008 R2 SP1",
      "Microsoft Windows 7 SP1",
      "Microsoft Windows Server 2012 null",
      "Microsoft Windows 8.1",
      "Microsoft Windows 8",
      "Microsoft Windows Server 2012 R2"
    ]
  },
  "referenceLink": "https://technet.microsoft.com/zh-CN/library/security/ms15-034.aspx\r\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1635",
  "serverity": "\u9ad8",
  "submitTime": "2015-04-16",
  "title": "Microsoft IIS\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-1635 (GCVE-0-2015-1635)

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

CERTFR-2015-AVI-152

Solution

CERTFR-2015-AVI-152

Solution

GHSA-P8WC-6G47-VH8J

FKIE_CVE-2015-1635

GSD-2015-1635

ICSMA-17-215-02

CNVD-2015-02422

Tags

Sightings

Nomenclature