CVE-2013-1305 - HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to caus

CVE-2013-1305

Summary

HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."

References

Vulnerable Configurations

cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8:-:-:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8:-:-:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 12-10-2018 - 22:04)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

msbulletin via4

bulletin_id	MS13-039
bulletin_url
date	2013-05-14T00:00:00
impact	Denial of Service
knowledgebase_id	2829254
knowledgebase_url
severity	Important
title	Vulnerability in HTTP.sys Could Allow Denial of Service

oval via4

accepted

2013-07-01T04:00:23.894-04:00

class

vulnerability

contributors

name	SecPod Team
organization	SecPod Technologies

definition_extensions

comment Microsoft Windows 8 is installed
oval oval:org.mitre.oval:def:15732
comment Microsoft Windows Server 2012 (64-bit) is installed
oval oval:org.mitre.oval:def:15585

description

family

windows

oval:org.mitre.oval:def:16088

status

accepted

submitted

2013-05-17T10:14:08

title

Vulnerability in HTTP.sys could allow denial of service - MS13-039

version

refmap via4

cert

TA13-134A

Last major update

12-10-2018 - 22:04

Published

15-05-2013 - 03:36

Last modified

12-10-2018 - 22:04