[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

HTTP.sys Denial of Service Vulnerability - CVE-2018-0956

ID: oval:org.secpod.oval:def:44972Date: (C)2018-04-11   (M)2024-03-06
Class: VULNERABILITYFamily: windows




A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive. To exploit this vulnerability, an attacker could send a specially crafted HTTP packet to a target system, causing the affected system to become nonresponsive. The update addresses the vulnerability by modifying how the Windows HTTP protocol stack handles HTTP 2.0 requests. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate user rights.

Platform:
Microsoft Windows 10
Microsoft Windows Server 2016
Reference:
CVE-2018-0956
CVE    1
CVE-2018-0956
CPE    16
cpe:/o:microsoft:windows_10
cpe:/o:microsoft:windows_10:1511
cpe:/o:microsoft:windows_server_2016:::x64
cpe:/o:microsoft:windows_10:1607:::x64
...

© SecPod Technologies