Vulnerability Details : CVE-2018-8226
A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
Vulnerability category: Denial of service
Products affected by CVE-2018-8226
- cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_1803:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-8226
7.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 91 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-8226
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST | |
|
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
References for CVE-2018-8226
-
http://www.securitytracker.com/id/1041094
Windows HTTP Protocol Stack (HTTP.sys) Bugs Let Remote Users Deny Service and Execute Arbitrary Code - SecurityTrackerThird Party Advisory;VDB Entry
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8226
CVE-2018-8226 | HTTP.sys Denial of Service VulnerabilityPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/104361
Microsoft Windows 'HTTP.sys' CVE-2018-8226 Denial of Service VulnerabilityThird Party Advisory;VDB Entry
Jump to