Mitigating Remote Code Execution in "HTTP.sys" (CVE-2015-1635)

A critical Windows vulnerability in its HTTP stack ("HTTP.sys"), which was resolved in a recent Microsoft's Patch Tuesday release, could allow remote attackers to execute code on an IIS server with t...
Published Apr 15, 2015
Version 1.0
0 day
0-day
ASM Advanced WAF
cve-2015-1635
exploit
http.sys
iis vulnerability
ms15-034
security
zero day
MegaZone's avatar
MegaZone
Icon for SIRT rankSIRT
Apr 22, 2015
Additonal mitigations have been published: Using iRules - https://devcentral.f5.com/s/articles/using-irules-to-mitigate-microsofts-ms15-034-cve-2015-1635-range-vulnerability Using LineRate - https://devcentral.f5.com/s/articles/linerate-range-header-attack-mitigation