{"api_version":"1","generated_at":"2026-04-26T15:10:08+00:00","cve":"CVE-2015-1635","urls":{"html":"https://cve.report/CVE-2015-1635","api":"https://cve.report/api/cve/CVE-2015-1635.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-1635","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-1635"},"summary":{"title":"CVE-2015-1635","description":"HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka \"HTTP.sys Remote Code Execution Vulnerability.\"","state":"PUBLISHED","assigner":"microsoft","published_at":"2015-04-14 20:59:01","updated_at":"2026-04-22 16:42:38"},"problem_types":["CWE-94","n/a","CWE-94 CWE-94 Improper Control of Generation of Code ('Code Injection')"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"10","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034","name":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Microsoft Security Bulletin MS15-034 - Critical | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/74013","name":"http://www.securityfocus.com/bid/74013","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry","Broken Link"],"title":"Microsoft Windows HTTP Protocol Stack CVE-2015-1635 Remote Code Execution Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.osvdb.org/120629","name":"http://www.osvdb.org/120629","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.securitytracker.com/id/1032109","name":"http://www.securitytracker.com/id/1032109","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry","Broken Link"],"title":"Windows HTTP Protocol Stack ('HTTP.sys') Parsing Error Lets Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1635","name":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1635","refsource":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.exploit-db.com/exploits/36776/","name":"https://www.exploit-db.com/exploits/36776/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"],"title":"MS Windows HTTP.sys - HTTP Request Parsing DoS MS15-034","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.exploit-db.com/exploits/36773/","name":"https://www.exploit-db.com/exploits/36773/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"],"title":"Microsoft Window - HTTP.sys PoC MS15-034","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html","name":"http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"],"title":"Microsoft Windows HTTP.sys Proof Of Concept ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-1635","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1635","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[{"source":"ADP","time":"2022-02-10T00:00:00.000Z","lang":"en","value":"CVE-2015-1635 added to CISA KEV"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"1635","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_7","cpe6":"-","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"1635","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_8","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"1635","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_8.1","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"1635","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2008","cpe6":"r2","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"itanium","cpe13":"*"},{"cve_year":"2015","cve_id":"1635","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2008","cpe6":"r2","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"x64","cpe13":"*"},{"cve_year":"2015","cve_id":"1635","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2012","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"1635","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_server_2012","cpe6":"r2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2015","cve_id":"1635","cve":"CVE-2015-1635","vendorProject":"Microsoft","product":"HTTP.sys","vulnerabilityName":"Microsoft HTTP.sys Remote Code Execution Vulnerability","dateAdded":"2022-02-10","shortDescription":"Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution.","requiredAction":"Apply updates per vendor instructions.","dueDate":"2022-08-10","knownRansomwareCampaignUse":"Unknown","notes":"https://nvd.nist.gov/vuln/detail/CVE-2015-1635","cwes":"CWE-94","catalogVersion":"2026.04.24","updated_at":"2026-04-24 17:59:34"},"epss":{"cve_year":"2015","cve_id":"1635","cve":"CVE-2015-1635","epss":"0.943100000","percentile":"0.999480000","score_date":"2026-04-25","updated_at":"2026-04-26 00:00:23"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T04:47:17.498Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"MS15-034","tags":["vendor-advisory","x_refsource_MS","x_transferred"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034"},{"name":"36773","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/36773/"},{"name":"120629","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/120629"},{"name":"1032109","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1032109"},{"name":"74013","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/74013"},{"name":"36776","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/36776/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2015-1635","options":[{"Exploitation":"active"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2025-02-10T21:15:47.143349Z","version":"2.0.3"},"type":"ssvc"}},{"other":{"content":{"dateAdded":"2022-02-10","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1635"},"type":"kev"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-94","description":"CWE-94 Improper Control of Generation of Code ('Code Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-10-22T00:05:32.590Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"references":[{"tags":["government-resource"],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-1635"}],"timeline":[{"lang":"en","time":"2022-02-10T00:00:00.000Z","value":"CVE-2015-1635 added to CISA KEV"}],"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2015-04-14T00:00:00.000Z","descriptions":[{"lang":"en","value":"HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka \"HTTP.sys Remote Code Execution Vulnerability.\""}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-12T19:57:01.000Z","orgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","shortName":"microsoft"},"references":[{"name":"MS15-034","tags":["vendor-advisory","x_refsource_MS"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034"},{"name":"36773","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/36773/"},{"name":"120629","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/120629"},{"name":"1032109","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1032109"},{"name":"74013","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/74013"},{"name":"36776","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/36776/"},{"tags":["x_refsource_MISC"],"url":"http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2015-1635","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka \"HTTP.sys Remote Code Execution Vulnerability.\""}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"MS15-034","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-034"},{"name":"36773","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/36773/"},{"name":"120629","refsource":"OSVDB","url":"http://www.osvdb.org/120629"},{"name":"1032109","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1032109"},{"name":"74013","refsource":"BID","url":"http://www.securityfocus.com/bid/74013"},{"name":"36776","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/36776/"},{"name":"http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/131463/Microsoft-Windows-HTTP.sys-Proof-Of-Concept.html"}]}}}},"cveMetadata":{"assignerOrgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","assignerShortName":"microsoft","cveId":"CVE-2015-1635","datePublished":"2015-04-14T20:00:00.000Z","dateReserved":"2015-02-17T00:00:00.000Z","dateUpdated":"2025-10-22T00:05:32.590Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2015-04-14 20:59:01","lastModifiedDate":"2026-04-22 16:42:38","problem_types":["CWE-94","n/a","CWE-94 CWE-94 Improper Control of Generation of Code ('Code Injection')"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*","matchCriteriaId":"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*","matchCriteriaId":"0D229E41-A971-4284-9657-16D78414B93F"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*","matchCriteriaId":"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*","matchCriteriaId":"B320A104-9037-487E-BC9A-62B4A6B49FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*","matchCriteriaId":"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*","matchCriteriaId":"A7DF96F8-BA6A-4780-9CA3-F719B3F81074"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*","matchCriteriaId":"DB18C4CE-5917-401E-ACF7-2747084FD36E"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"1635","Ordinal":"1","Title":"CVE-2015-1635","CVE":"CVE-2015-1635","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"1635","Ordinal":"1","NoteData":"HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka \"HTTP.sys Remote Code Execution Vulnerability.\"","Type":"Description","Title":"CVE-2015-1635"},{"CveYear":"2015","CveId":"1635","Ordinal":"2","NoteData":"2015-04-14","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"1635","Ordinal":"3","NoteData":"2018-10-12","Type":"Other","Title":"Modified"}]}}}