Lucene search
RootSSV:60799HistoryMay 17, 2013 - 12:00 a.m.
Microsoft Windows 'HTTP.sys'远程拒绝服务漏洞(CVE-2013-1305)(MS13-039)
2013-05-1700:00:00
Root
www.seebug.org
36
0.952 High
EPSS
Percentile
99.3%
BUGTRAQ ID: 59784
CVE(CAN) ID: CVE-2013-1305
Microsoft Windows是微软公司推出的一系列操作系统。
当 HTTP 协议堆栈 (HTTP.sys) 不正确地处理恶意 HTTP 标头时,Windows Server 2012 和 Windows 8 中存在一个拒绝服务漏洞。成功利用此漏洞的攻击者可能通过向受影响的 Windows 服务器或客户端发送特制 HTTP 标头在 HTTP 协议堆栈中触发一个无限循环。
0
Microsoft Windows Windows Server 2012
Microsoft Windows RT
Microsoft Windows 8
临时解决方法:
如果您不能立刻安装补丁或者升级,建议您采取以下措施以降低威胁:
- 在企业外围防火墙上禁用TCP端口80和443。
- 根据自身情况,可以禁用IIS服务。
厂商补丁:
Microsoft
Microsoft已经为此发布了一个安全公告(MS13-039)以及相应补丁:
MS13-039:Vulnerability in HTTP.sys Could Allow Denial of Service (2829254)
链接:http://technet.microsoft.com/security/bulletin/MS13-039
Related
openvas
openvas
Microsoft Windows 'HTTP.sys' Denial of Service Vulnerability (2829254)
2013-05-15 00:00:00
Microsoft Windows 'HTTP.sys' Denial of Service Vulnerability (2829254)
2013-05-15 00:00:00
checkpoint_advisories
checkpoint_advisories
nessus
nessus
MS13-039: Vulnerability in HTTP.sys Could Allow Denial of Service (2829254)
2013-05-15 00:00:00
prion
prion
Denial of service
2013-05-15 03:36:00
nvd
nvd
CVE-2013-1305
2013-05-15 03:36:33
cve
cve
CVE-2013-1305
2013-05-15 03:36:33
zdi
zdi
Microsoft HTTP.SYS Remote Denial of Service Vulnerability
2013-05-29 00:00:00
cvelist
cvelist
CVE-2013-1305
2013-05-15 01:00:00
securityvulns
securityvulns
Microsoft Windows multiple security vulnerabilities
2013-05-27 00:00:00