Remote Code Execution and DoS in HTTP.sys (IIS)

Summary

Acunetix 360 identified a Remote Code Execution and DoS in HTTP.sys (IIS) (CVE-2015-1635) in the target web server.

The vulnerability allows attackers to execute arbitrary commands on the target system.

Impact

An attacker can execute arbitrary commands on the system.

Remediation

Upgrade your system by following these instructions.

Severity

Critical

Classification

PCI v3.2-6.5.1 CAPEC-340 CWE-20 HIPAA-164.306(a) 164.308(a) ISO27001-A.14.2.5 WASC-7 OWASP 2013-A1 OWASP 2017-A1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:W/RC:C