VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 12, 2019· Updated May 20, 2025

Microsoft IIS Server Denial of Service Vulnerability

CVE-2019-0941

Description

A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages configured to use request filtering. To exploit this vulnerability, an attacker could send a specially crafted request to a page utilizing request filtering. The update addresses the vulnerability by changing the way certain requests are processed by the filter.

Affected products

29
  • Microsoft/Windows 10 1507cpe-rescue
    Range: 10.0.10240.0
  • Microsoft/Windows 10 1607cpe-rescue
    Range: 10.0.14393.0
  • Microsoft/Windows 10 1703cpe-rescue
    Range: 10.0.0
  • Microsoft/Windows Server version 1709cpe-rescue
    Range: 10.0.0
  • Microsoft/Windows 10 Version 1709 for 32-bit Systemsv5
    Range: 10.0.0
  • Microsoft/Windows 10 Version 1803v5
    Range: 10.0.0
  • Microsoft/Windows 10 1809cpe-rescue
    Range: 10.0.17763.0
  • Microsoft/Windows 10 Version 1903 for 32-bit Systemsv5
    Range: 10.0.0
  • Microsoft/Windows 10 Version 1903 for ARM64-based Systemsv5
    Range: 10.0.0
  • Microsoft/Windows 10 Version 1903 for x64-based Systemsv5
    Range: 10.0.0
  • Microsoft/Windows 7cpe-rescue
    Range: 6.1.0
  • Microsoft/Windows CSC Servicecpe-rescue
    Range: 6.1.0
  • Microsoft/Windows 8.1cpe-rescue
    Range: 6.3.0
  • Microsoft/Windows Server 2008cpe-rescue3 versions
    6.1.7601.0+ 2 more
    • (no CPE)range: 6.1.7601.0
    • (no CPE)range: 6.0.0
    • (no CPE)range: 6.0.6003.0
  • Microsoft/Windows Server 2008 R2 Service Pack 1 (Server Core installation)v5
    Range: 6.1.7601.0
  • Microsoft/Windows Server 2008 R2 Systems Service Pack 1v5
    Range: 6.1.0
  • Microsoft/Windows Server 2008 Service Pack 2 (Server Core installation)v5
    Range: 6.0.6003.0
  • Microsoft/Windows Server 2012cpe-rescue2 versions
    6.2.9200.0+ 1 more
    • (no CPE)range: 6.2.9200.0
    • (no CPE)range: 6.3.9600.0
  • Microsoft/Windows Server 2012 R2 (Server Core installation)v5
    Range: 6.3.9600.0
  • Microsoft/Windows Server 2012 (Server Core installation)v5
    Range: 6.2.9200.0
  • Microsoft/Windows Server 2016cpe-rescue
    Range: 10.0.14393.0
  • Microsoft/Windows Server 2016 (Server Core installation)v5
    Range: 10.0.14393.0
  • Microsoft/Windows Server 2019cpe-rescue
    Range: 10.0.17763.0
  • Microsoft/Windows Server 2019 (Server Core installation)v5
    Range: 10.0.17763.0
  • Microsoft/Windows Server, version 1803 (Server Core Installation)v5
    Range: 10.0.0
  • Microsoft/Windows Server, version 1903 (Server Core installation)v5
    Range: 10.0.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.