Home / Vulnerabilities / Critical / Remote Code Execution and DoS in HTTP.sys (IIS)

Remote Code Execution and DoS in HTTP.sys (IIS)

Severity: Critical

Summary#

Invicti identified a Remote Code Execution and DoS in HTTP.sys (IIS) (CVE-2015-1635) in the target web server.

The vulnerability allows attackers to execute arbitrary commands on the target system.

Impact#

An attacker can execute arbitrary commands on the system.

Remediation#

Upgrade your system by following these instructions.

Classifications#

OWASP 2017-A1, PCI v3.2-6.5.1, CAPEC-340, CWE-20, WASC-7, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:W/RC:C, OWASP 2013-A1, HIPAA-164.306(a), 164.308(a), ISO27001-A.14.2.5

Invicti Security Insights

Dead accurate, fast & easy-to-use Web Application Security Scanner