VYPR

HTTP.sys

by Microsoft

CVEs (8)

  • CVE-2022-35748HigMay 31, 2023
    risk 0.53cvss 7.5epss 0.47

    HTTP.sys Denial of Service Vulnerability

  • CVE-2018-8226HigJun 14, 2018
    risk 0.50cvss 7.5epss 0.13

    A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

  • CVE-2026-33096HigApr 14, 2026
    risk 0.49cvss 7.5epss 0.01

    Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.

  • CVE-2024-26219HigApr 9, 2024
    risk 0.49cvss 7.5epss 0.03

    HTTP.sys Denial of Service Vulnerability

  • CVE-2023-35298HigJul 11, 2023
    risk 0.49cvss 7.5epss 0.02

    HTTP.sys Denial of Service Vulnerability

  • CVE-2023-32084HigJul 11, 2023
    risk 0.49cvss 7.5epss 0.02

    HTTP.sys Denial of Service Vulnerability

  • CVE-2023-21687MedFeb 14, 2023
    risk 0.36cvss 5.5epss 0.00

    HTTP.sys Information Disclosure Vulnerability

  • CVE-2013-1305May 15, 2013
    risk 0.04cvss epss 0.55

    HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."