Home / Vulnerabilities / Critical / Remote Code Execution and DoS in HTTP.sys (IIS)

Remote Code Execution and DoS in HTTP.sys (IIS)

Severity: Critical

Summary#

Invicti identified a Remote Code Execution and DoS in HTTP.sys (IIS) (CVE-2015-1635) in the target web server.

The vulnerability allows attackers to execute arbitrary commands on the target system.

Impact#

An attacker can execute arbitrary commands on the system.

Remediation#

Upgrade your system by following these instructions.

Classifications#

ISO27001-A.14.2.5, HIPAA-164.306(a), 164.308(a), PCI v3.2-6.5.1, OWASP 2013-A1, CWE-20, OWASP 2017-A1, CAPEC-340, WASC-7, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:W/RC:C

Invicti Security Insights

Related Articles

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works