Rewterz Threat Advisory – CVE-2019-7815 – Adobe Reader / Acrobat Information Disclosure Vulnerability
February 22, 2019Rewterz Threat Alert – Flawed Ammyy RAT (aka FlawedAmmyy RAT) Malware
February 25, 2019Rewterz Threat Advisory – CVE-2019-7815 – Adobe Reader / Acrobat Information Disclosure Vulnerability
February 22, 2019Rewterz Threat Alert – Flawed Ammyy RAT (aka FlawedAmmyy RAT) Malware
February 25, 2019Severity
High
Analysis Summary
Windows servers running Internet Information Services (IIS) are vulnerable to denial-of-service (DoS) attacks carried out through malicious HTTP/2 requests. Attackers can trigger a DoS condition by sending specially crafted HTTP/2 requests, due to which the CPU usage will temporarily spike to 100%.
Impact
Denial of service.
Affected Products
- Microsoft Windows Server 2016
- Windows Server 2016 (Server Core installation)
- Windows Server version 1709 (Server Core Installation)
- Microsoft Windows 10 Version 1607 for 32-bit Systems
- Microsoft Windows 10 Version 1607 for x64-based Systems
- Microsoft Windows 10 version 1703 for 32-bit Systems
- Microsoft Windows 10 version 1703 for x64-based Systems
- Microsoft Windows 10 version 1709 for 32-bit Systems
- Windows 10 Version 1709 for 64-based Systems
- Microsoft Windows 10 Version 1709 for ARM64-based Systems
- Microsoft Windows 10 Version 1803 for 32-bit Systems
- Microsoft Windows 10 Version 1803 for ARM64-based Systems
- Microsoft Windows 10 Version 1803 for x64-based Systems
- Windows Server Version 1803 (Server Core Installation)
Remediation
Define limits on the number of HTTP/2 settings parameters allowed over a connection. These limits are not preset by vendor and must be defined by system administrator after reviewing the HTTP/2 protocol and their environment requirements.