nvd-json-data-feeds/CVE-2015/CVE-2015-16xx/CVE-2015-1635.json

{
  "id": "CVE-2015-1635",
  "sourceIdentifier": "secure@microsoft.com",
  "published": "2015-04-14T20:59:01.263",
  "lastModified": "2025-01-22T17:08:42.177",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka \"HTTP.sys Remote Code Execution Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "HTTP.sys en Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, y Windows Server 2012 Gold y R2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de solicitudes HTTP manipuladas, tambi\u00e9n conocido como 'vulnerabilidad de la ejecuci\u00f3n de c\u00f3digo remotos de HTTP.sys.'"
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "baseScore": 10.0,
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE"
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "cisaExploitAdd": "2022-02-10",
  "cisaActionDue": "2022-08-10",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Microsoft HTTP.sys Remote Code Execution Vulnerability",
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D229E41-A971-4284-9657-16D78414B93F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*",
              "matchCriteriaId": "B320A104-9037-487E-BC9A-62B4A6B49FD0"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
              "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html",
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "http://www.osvdb.org/120629",
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ]
    },
    {
      "url": "http://www.securityfocus.com/bid/74013",
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "http://www.securitytracker.com/id/1032109",
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034",
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://www.exploit-db.com/exploits/36773/",
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://www.exploit-db.com/exploits/36776/",
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "http://www.osvdb.org/120629",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ]
    },
    {
      "url": "http://www.securityfocus.com/bid/74013",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "http://www.securitytracker.com/id/1032109",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://www.exploit-db.com/exploits/36773/",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://www.exploit-db.com/exploits/36776/",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ]
    }
  ]
}
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"id": "CVE-2015-1635",`
			`"sourceIdentifier": "secure@microsoft.com",`
			`"published": "2015-04-14T20:59:01.263",`
Auto-Update: 2025-01-22T19:00:26.262278+00:00 2025-01-22 19:03:53 +00:00			`"lastModified": "2025-01-22T17:08:42.177",`
			`"vulnStatus": "Analyzed",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"cveTags": [],`
bootstrap 2023-04-24 12:24:31 +02:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka \"HTTP.sys Remote Code Execution Vulnerability.\""`
			`},`
			`{`
			`"lang": "es",`
			`"value": "HTTP.sys en Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, y Windows Server 2012 Gold y R2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de solicitudes HTTP manipuladas, tambi\u00e9n conocido como 'vulnerabilidad de la ejecuci\u00f3n de c\u00f3digo remotos de HTTP.sys.'"`
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV2": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "2.0",`
			`"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",`
Auto-Update: 2024-11-22T23:11:09.202836+00:00 2024-11-22 23:14:22 +00:00			`"baseScore": 10.0,`
bootstrap 2023-04-24 12:24:31 +02:00			`"accessVector": "NETWORK",`
			`"accessComplexity": "LOW",`
			`"authentication": "NONE",`
			`"confidentialityImpact": "COMPLETE",`
			`"integrityImpact": "COMPLETE",`
Auto-Update: 2024-11-22T23:11:09.202836+00:00 2024-11-22 23:14:22 +00:00			`"availabilityImpact": "COMPLETE"`
bootstrap 2023-04-24 12:24:31 +02:00			`},`
			`"baseSeverity": "HIGH",`
			`"exploitabilityScore": 10.0,`
			`"impactScore": 10.0,`
			`"acInsufInfo": false,`
			`"obtainAllPrivilege": false,`
			`"obtainUserPrivilege": false,`
			`"obtainOtherPrivilege": false,`
			`"userInteractionRequired": false`
			`}`
			`]`
			`},`
Auto-Update: 2024-11-22T23:11:09.202836+00:00 2024-11-22 23:14:22 +00:00			`"cisaExploitAdd": "2022-02-10",`
			`"cisaActionDue": "2022-08-10",`
			`"cisaRequiredAction": "Apply updates per vendor instructions.",`
			`"cisaVulnerabilityName": "Microsoft HTTP.sys Remote Code Execution Vulnerability",`
bootstrap 2023-04-24 12:24:31 +02:00			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-94"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1::::::",`
			`"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:microsoft:windows_8:-:::::::*",`
			`"matchCriteriaId": "0D229E41-A971-4284-9657-16D78414B93F"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:::::::*",`
			`"matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::itanium:*",`
			`"matchCriteriaId": "B320A104-9037-487E-BC9A-62B4A6B49FD0"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:*",`
			`"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:::::::*",`
			`"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*",`
			`"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html",`
			`"source": "secure@microsoft.com",`
			`"tags": [`
			`"Exploit",`
			`"Third Party Advisory",`
			`"VDB Entry"`
Auto-Update: 2024-04-04T08:42:25.815847+00:00 2024-04-04 08:46:00 +00:00			`]`
			`},`
			`{`
			`"url": "http://www.osvdb.org/120629",`
			`"source": "secure@microsoft.com",`
			`"tags": [`
			`"Broken Link"`
bootstrap 2023-04-24 12:24:31 +02:00			`]`
			`},`
			`{`
			`"url": "http://www.securityfocus.com/bid/74013",`
			`"source": "secure@microsoft.com",`
			`"tags": [`
			`"Third Party Advisory",`
			`"VDB Entry"`
			`]`
			`},`
			`{`
			`"url": "http://www.securitytracker.com/id/1032109",`
			`"source": "secure@microsoft.com",`
			`"tags": [`
			`"Third Party Advisory",`
			`"VDB Entry"`
			`]`
			`},`
			`{`
			`"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034",`
			`"source": "secure@microsoft.com",`
			`"tags": [`
			`"Patch",`
			`"Vendor Advisory"`
			`]`
			`},`
			`{`
			`"url": "https://www.exploit-db.com/exploits/36773/",`
			`"source": "secure@microsoft.com",`
			`"tags": [`
			`"Exploit",`
			`"Third Party Advisory",`
			`"VDB Entry"`
			`]`
			`},`
			`{`
			`"url": "https://www.exploit-db.com/exploits/36776/",`
			`"source": "secure@microsoft.com",`
			`"tags": [`
			`"Exploit",`
			`"Third Party Advisory",`
			`"VDB Entry"`
			`]`
Auto-Update: 2024-11-22T23:11:09.202836+00:00 2024-11-22 23:14:22 +00:00			`},`
			`{`
			`"url": "http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108",`
			`"tags": [`
			`"Exploit",`
			`"Third Party Advisory",`
			`"VDB Entry"`
			`]`
			`},`
			`{`
			`"url": "http://www.osvdb.org/120629",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108",`
			`"tags": [`
			`"Broken Link"`
			`]`
			`},`
			`{`
			`"url": "http://www.securityfocus.com/bid/74013",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108",`
			`"tags": [`
			`"Third Party Advisory",`
			`"VDB Entry"`
			`]`
			`},`
			`{`
			`"url": "http://www.securitytracker.com/id/1032109",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108",`
			`"tags": [`
			`"Third Party Advisory",`
			`"VDB Entry"`
			`]`
			`},`
			`{`
			`"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108",`
			`"tags": [`
			`"Patch",`
			`"Vendor Advisory"`
			`]`
			`},`
			`{`
			`"url": "https://www.exploit-db.com/exploits/36773/",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108",`
			`"tags": [`
			`"Exploit",`
			`"Third Party Advisory",`
			`"VDB Entry"`
			`]`
			`},`
			`{`
			`"url": "https://www.exploit-db.com/exploits/36776/",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108",`
			`"tags": [`
			`"Exploit",`
			`"Third Party Advisory",`
			`"VDB Entry"`
			`]`
bootstrap 2023-04-24 12:24:31 +02:00			`}`
			`]`
			`}`