id: CVE-2015-1635
info:
  name: HTTP.sys Remote Code Execution Vulnerability
  author: Phillipo
  severity: critical
  description: HTTP.sys in some versions of Microsoft Windows allows remote attackers to execute arbitrary code via crafted HTTP requests.
  reference:
    - https://www.exploit-db.com/exploits/36773
    - https://www.securitysift.com/an-analysis-of-ms15-034/
  classification:
    cvss-metrics: AV:N/AC:L/Au:N/C:C/I:C/A:C
    cvss-score: 10.0
    cwe-id: CWE-94
    cve-id: CVE-2015-1635
  tags: cve,cve2015,kev,microsoft

requests:
  - method: GET
    path:
      - "{{BaseURL}}/"
    headers:
      Range: "bytes=0-18446744073709551615"

    matchers:
      - type: word
        words:
          - "416"
          - "The requested range is not satisfiable"