Rule Category

SERVER-IIS -- Snort has detected traffic exploiting vulnerabilities in Microsoft IIS Web Servers.

Alert Message

SERVER-IIS Microsoft IIS Range header integer overflow attempt

Rule Explanation

HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability." Impact: CVSS base score 10.0 CVSS impact score 10.0 CVSS exploitability score 10.0 confidentialityImpact COMPLETE integrityImpact COMPLETE availabilityImpact COMPLETE Details: Ease of Attack:

What To Look For

This rule alerts on oversized headers.

Known Usage

No public information

False Positives

No known false positives

Contributors

Talos research team.

Rule Groups

MITRE::ATT&CK Framework::Enterprise::Initial Access::Exploit Public-Facing Application

MITRE::ATT&CK Framework::Enterprise::Impact::Endpoint Denial of Service::Application or System Exploitation

CVE

Additional Links

Rule Vulnerability

Buffer Overflow

Buffer Overflows occur when a memory location is filled past its expected boundaries. Computer attackers target systems without proper terminating conditions on buffers, which then write the additional information in other locations in memory, overwriting what is there. This could corrupt the data, making the system behave erratically or crash. The new information could include malicious executable code, which might be executed.

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2015-1635
Loading description