Absent Member.
Absent Member.

Detecting CVE-2015-1635 HTTP.sys Remote Code Execution

The HP Security Research Team has released a check via HP WebInspect for detection of the HTTP.sys Remote Code Execution vulnerability. A patch (MS15-034) has been issued by Microsoft to fix this vulnerability. Hence, it is recommended that all vulnerable servers be patched immediately.

In order to test if your IIS server is vulnerable, please smartupdate via HP WebInspect in order to receive the latest updates. To perform a targeted quick scan, create a custom policy with Check IDs 11391 and 10028. Using this policy will ensure the fastest scan possible to test your server for the vulnerability. Scans using Standard or the OWASP policies will automatically test the target server for this vulnerability.

Figure 1: View of Policy Manager with the updated check

The technical details of the vulnerability and its fix has been explained in the HP Security Research blog.

Analyzing CVE-2015-1635 from cause to cure - HP Enterprise Business Community

Labels (1)
0 Replies
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.