HTTP.sys
by Microsoft
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-35748 | Hig | 0.53 | 7.5 | 0.47 | May 31, 2023 | HTTP.sys Denial of Service Vulnerability | ||
| CVE-2018-8226 | Hig | 0.50 | 7.5 | 0.13 | Jun 14, 2018 | A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||
| CVE-2026-33096 | Hig | 0.49 | 7.5 | 0.01 | Apr 14, 2026 | Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network. | ||
| CVE-2024-26219 | Hig | 0.49 | 7.5 | 0.03 | Apr 9, 2024 | HTTP.sys Denial of Service Vulnerability | ||
| CVE-2023-35298 | Hig | 0.49 | 7.5 | 0.02 | Jul 11, 2023 | HTTP.sys Denial of Service Vulnerability | ||
| CVE-2023-32084 | Hig | 0.49 | 7.5 | 0.02 | Jul 11, 2023 | HTTP.sys Denial of Service Vulnerability | ||
| CVE-2023-21687 | Med | 0.36 | 5.5 | 0.00 | Feb 14, 2023 | HTTP.sys Information Disclosure Vulnerability | ||
| CVE-2013-1305 | 0.04 | — | 0.55 | May 15, 2013 | HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability." |
- risk 0.53cvss 7.5epss 0.47
HTTP.sys Denial of Service Vulnerability
- risk 0.50cvss 7.5epss 0.13
A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
- risk 0.49cvss 7.5epss 0.01
Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.
- risk 0.49cvss 7.5epss 0.03
HTTP.sys Denial of Service Vulnerability
- risk 0.49cvss 7.5epss 0.02
HTTP.sys Denial of Service Vulnerability
- risk 0.49cvss 7.5epss 0.02
HTTP.sys Denial of Service Vulnerability
- risk 0.36cvss 5.5epss 0.00
HTTP.sys Information Disclosure Vulnerability
- CVE-2013-1305May 15, 2013risk 0.04cvss —epss 0.55
HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."