From 81534763d0c535040862a665100cf0849bb2b020 Mon Sep 17 00:00:00 2001 From: PhillipoTF2 <88005048+PhillipoTF2@users.noreply.github.com> Date: Thu, 23 Nov 2023 15:24:42 +0000 Subject: [PATCH] Create CVE-2015-1635 --- http/cves/2015/CVE-2015-1635.yaml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 http/cves/2015/CVE-2015-1635.yaml diff --git a/http/cves/2015/CVE-2015-1635.yaml b/http/cves/2015/CVE-2015-1635.yaml new file mode 100644 index 0000000000..92884857e6 --- /dev/null +++ b/http/cves/2015/CVE-2015-1635.yaml @@ -0,0 +1,31 @@ +id: CVE-2015-1635 +info: + name: HTTP.sys Remote Code Execution Vulnerability + author: Phillipo + severity: high + description: HTTP.sys in some versions of Microsoft Windows allows remote attackers to execute arbitrary code via crafted HTTP requests. + reference: + - https://www.exploit-db.com/exploits/36773 + - https://www.securitysift.com/an-analysis-of-ms15-034/ + classification: + cvss-metrics: AV:N/AC:L/Au:N/C:C/I:C/A:C + cvss-score: 10.0 + cwe-id: CWE-94 + cve-id: CVE-2015-1635 + tags: cve,cve2015,kev,microsoft + +http: + - raw: + - | + GET /welcome.png HTTP/1.1 + Host: {{Hostname}} + Range: bytes=0-18446744073709551615 + + matchers-condition: and + matchers: + - type: word + words: + - "Requested Range Not Satisfiable" + - type: status + status: + - 416 \ No newline at end of file