nuclei-templates/http/cves/2015/CVE-2015-1635.yaml

id: CVE-2015-1635

info:
  name: Microsoft Windows 'HTTP.sys' - Remote Code Execution
  author: Phillipo
  severity: critical
  description: |
    HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
  reference:
    - https://www.exploit-db.com/exploits/36773
    - https://www.securitysift.com/an-analysis-of-ms15-034/
    - https://nvd.nist.gov/vuln/detail/CVE-2015-1635
    - http://www.securitytracker.com/id/1032109
    - https://github.com/b1gbroth3r/shoMe
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
    cvss-score: 10
    cve-id: CVE-2015-1635
    cwe-id: CWE-94
    epss-score: 0.9754
    epss-percentile: 0.99994
    cpe: cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: microsoft
    product: windows_7
    shodan-query:
      - '"Microsoft-IIS" "2015"'
      - '"microsoft-iis" "2015"'
      - cpe:"cpe:2.3:o:microsoft:windows_7"
  tags: cve,cve2015,kev,microsoft,iis,rce

http:
  - method: GET
    path:
      - "{{BaseURL}}"
    headers:
      Range: "bytes=0-18446744073709551615"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "HTTP Error 416"
          - "The requested range is not satisfiable"
        condition: and

      - type: word
        part: header
        words:
          - "Microsoft"
# digest: 490a004630440220098bb1e7e16f1550e029d56486663dbfae1e69203999a8d8599b0639379267ca02207800afef5ec0001642d15fa91a241092955036e798a7946dd21c095aeefedef8:922c64590222798bb761d5b6d8e72950
Create CVE-2015-1635 2023-11-23 15:24:42 +00:00			`id: CVE-2015-1635`
updated matcher & info 2024-02-28 06:17:24 +00:00
Create CVE-2015-1635 2023-11-23 15:24:42 +00:00			`info:`
updated matcher & info 2024-02-28 06:17:24 +00:00			`name: Microsoft Windows 'HTTP.sys' - Remote Code Execution`
Create CVE-2015-1635 2023-11-23 15:24:42 +00:00			`author: Phillipo`
Add files via upload 2023-11-28 14:26:36 +00:00			`severity: critical`
updated matcher & info 2024-02-28 06:17:24 +00:00			`description: \|`
			`HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."`
Create CVE-2015-1635 2023-11-23 15:24:42 +00:00			`reference:`
			`- https://www.exploit-db.com/exploits/36773`
			`- https://www.securitysift.com/an-analysis-of-ms15-034/`
updated matcher & info 2024-02-28 06:17:24 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2015-1635`
TemplateMan Update [Sat Mar 23 09:28:19 UTC 2024] :robot: 2024-03-23 09:28:19 +00:00			`- http://www.securitytracker.com/id/1032109`
			`- https://github.com/b1gbroth3r/shoMe`
Create CVE-2015-1635 2023-11-23 15:24:42 +00:00			`classification:`
CVE-2015-1635 CVSS string fix 2024-03-14 14:44:19 +00:00			`cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C`
TemplateMan Update [Sat Mar 23 09:28:19 UTC 2024] :robot: 2024-03-23 09:28:19 +00:00			`cvss-score: 10`
Create CVE-2015-1635 2023-11-23 15:24:42 +00:00			`cve-id: CVE-2015-1635`
TemplateMan Update [Sat Mar 23 09:28:19 UTC 2024] :robot: 2024-03-23 09:28:19 +00:00			`cwe-id: CWE-94`
product/queries updated 2024-05-31 19:23:20 +00:00			`epss-score: 0.9754`
			`epss-percentile: 0.99994`
updated matcher & info 2024-02-28 06:17:24 +00:00			`cpe: cpe:2.3:o:microsoft:windows_7:-:sp1::::::`
			`metadata:`
			`verified: true`
TemplateMan Update [Sat Mar 23 09:28:19 UTC 2024] :robot: 2024-03-23 09:28:19 +00:00			`max-request: 1`
updated matcher & info 2024-02-28 06:17:24 +00:00			`vendor: microsoft`
			`product: windows_7`
TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] :robot: 2024-06-07 10:04:29 +00:00			`shodan-query:`
			`- '"Microsoft-IIS" "2015"'`
			`- '"microsoft-iis" "2015"'`
			`- cpe:"cpe:2.3:o:microsoft:windows_7"`
updated matcher & info 2024-02-28 06:17:24 +00:00			`tags: cve,cve2015,kev,microsoft,iis,rce`
Create CVE-2015-1635 2023-11-23 15:24:42 +00:00
Update CVE-2015-1635.yaml 2024-02-12 15:47:31 +00:00			`http:`
Add files via upload 2023-11-28 14:26:36 +00:00			`- method: GET`
			`path:`
Update CVE-2015-1635.yaml 2024-02-12 15:47:31 +00:00			`- "{{BaseURL}}"`
Add files via upload 2023-11-28 14:26:36 +00:00			`headers:`
			`Range: "bytes=0-18446744073709551615"`
Create CVE-2015-1635 2023-11-23 15:24:42 +00:00
updated matcher & info 2024-02-28 06:17:24 +00:00			`matchers-condition: and`
Create CVE-2015-1635 2023-11-23 15:24:42 +00:00			`matchers:`
			`- type: word`
updated matcher & info 2024-02-28 06:17:24 +00:00			`part: body`
Create CVE-2015-1635 2023-11-23 15:24:42 +00:00			`words:`
Update CVE-2015-1635.yaml 2024-02-12 15:47:31 +00:00			`- "HTTP Error 416"`
			`- "The requested range is not satisfiable"`
updated matcher & info 2024-02-28 06:17:24 +00:00			`condition: and`

			`- type: word`
			`part: header`
			`words:`
			`- "Microsoft"`
Auto Template Signing [Sat Jun 8 16:02:16 UTC 2024] :robot: 2024-06-08 16:02:17 +00:00			`# digest: 490a004630440220098bb1e7e16f1550e029d56486663dbfae1e69203999a8d8599b0639379267ca02207800afef5ec0001642d15fa91a241092955036e798a7946dd21c095aeefedef8:922c64590222798bb761d5b6d8e72950`