ID CVE-2013-1305
Summary HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_8:-:-:x86:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_8:-:-:x86:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 12-10-2018 - 22:04)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
oval via4
accepted 2013-07-01T04:00:23.894-04:00
class vulnerability
contributors
name SecPod Team
organization SecPod Technologies
definition_extensions
  • comment Microsoft Windows 8 is installed
    oval oval:org.mitre.oval:def:15732
  • comment Microsoft Windows Server 2012 (64-bit) is installed
    oval oval:org.mitre.oval:def:15585
description HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
family windows
id oval:org.mitre.oval:def:16088
status accepted
submitted 2013-05-17T10:14:08
title Vulnerability in HTTP.sys could allow denial of service - MS13-039
version 40
refmap via4
cert TA13-134A
ms MS13-039
Last major update 12-10-2018 - 22:04
Published 15-05-2013 - 03:36
Back to Top