CVE-2022-35748

Опубликовано: 09 авг. 2022

Источник: msrc

CVSS3: 7.5

EPSS Средний

Описание

HTTP.sys Denial of Service Vulnerability

FAQ

How could an attacker exploit this vulnerability?

In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the Server Name Indication (SNI) over HTTP Protocol Stack (http.sys) to process packets, causing a denial of service (DOS).

Обновления

Продукт	Статья	Обновление
Windows Server 2012	5016672 5016684	Monthly Rollup Security Only
Windows Server 2012 (Server Core installation)	5016672 5016684	Monthly Rollup Security Only
Windows Server 2012 R2	5016681 5016683	Monthly Rollup Security Only
Windows Server 2012 R2 (Server Core installation)	5016681 5016683	Monthly Rollup Security Only
Windows Server 2016	5016622	Security Update
Windows Server 2016 (Server Core installation)	5016622	Security Update
Windows Server 2019	5016623	Security Update
Windows Server 2019 (Server Core installation)	5016623	Security Update
Windows Server, version 20H2 (Server Core Installation)	5016616	Security Update
Windows Server 2022	5016627	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation More Likely

Older Software Release

Exploitation More Likely

DOS

N/A

EPSS

Процентиль: 98%

0.47503

Средний

7.5 High

CVSS3

Связанные уязвимости

CVE-2022-35748

CVSS3: 7.5

nvd

около 2 лет назад

HTTP.sys Denial of Service Vulnerability

GHSA-93x6-prf7-8r9f

CVSS3: 7.5

github

около 2 лет назад

HTTP.sys Denial of Service Vulnerability

BDU:2022-05288

CVSS3: 7.5

fstec

почти 3 года назад

Уязвимость драйвера HTTP.sys операционной системы Windows, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 98%

0.47503

Средний

7.5 High

CVSS3