| CVE ID | CVE-2013-1305 |
| CVSS SCORE | 7.8, AV:N/AC:L/Au:N/C:N/I:N/A:C |
| AFFECTED VENDORS |
Microsoft |
| AFFECTED PRODUCTS |
Internet Information Services |
| TREND MICRO CUSTOMER PROTECTION | Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['12913']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com |
| VULNERABILITY DETAILS |
The specific flaw exists within handling of HTTP headers in the Windows kernel. By providing a duplicate of a particular header, an attacker is able to cause an infinite loop in the HTTP header parser. This will fully exhaust the resources of one processor on the vulnerable server and will prevent IIS from responding to any other requests. |
| ADDITIONAL DETAILS |
Microsoft has issued an update to correct this vulnerability. More details can be found at:
https://technet.microsoft.com/en-us/security/bulletin/ms13-039 |
| DISCLOSURE TIMELINE |
|
| CREDIT | Marek Kroemeke 22733db72ab3ed94b5f8a1ffcde850251fe6f466 AKAT-1 |
