ID CVE-2013-1305
Summary HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_8:-:-:x86:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_8:-:-:x86:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 12-10-2018 - 22:04)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
non_vulnerable_configuration via4
    oval via4
    accepted 2013-07-01T04:00:23.894-04:00
    class vulnerability
    contributors
    name SecPod Team
    organization SecPod Technologies
    definition_extensions
    • comment Microsoft Windows 8 is installed
      oval oval:org.mitre.oval:def:15732
    • comment Microsoft Windows Server 2012 (64-bit) is installed
      oval oval:org.mitre.oval:def:15585
    description HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
    family windows
    id oval:org.mitre.oval:def:16088
    status accepted
    submitted 2013-05-17T10:14:08
    title Vulnerability in HTTP.sys could allow denial of service - MS13-039
    version 40
    refmap via4
    cert TA13-134A
    ms MS13-039
    vulnerable_product via4
      Last major update 12-10-2018 - 22:04
      Published 15-05-2013 - 03:36
      Back to Top