5
CVSSv2

CVE-2019-0941

Published: 12/06/2019 Updated: 12/06/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

A vulnerability in the IIS Server component of Microsoft Windows could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. The vulnerability exists because the affected software improperly filters requests when the optional request filtering feature is enabled. An attacker could exploit the vulnerability by sending a request that submits malicious input to a page configured with request filtering. A successful exploit could allow the malicious user to cause the system to stop responding, leading to a DoS condition. Microsoft confirmed the vulnerability and released software updates.

Vulnerability Trend

Recent Articles

Microsoft Patch Tuesday – June 2019
Symantec Threat Intelligence Blog • Himanshu Mehta • 12 Jun 2019

This month the vendor has patched 88 vulnerabilities, 20 of which are rated Critical.

Posted: 12 Jun, 201931 Min ReadThreat Intelligence SubscribeFollowtwitterfacebooklinkedinMicrosoft Patch Tuesday – June 2019This month the vendor has patched 88 vulnerabilities, 20 of which are rated Critical.As always, customers are advised to follow these security best practices:


Install vendor patches as soon as they are available.
Run all software with the least privileges required while still mainta...

It is with a heavy heart that we must report that your software has bugs and needs patching: Microsoft, Adobe, SAP, Intel emit security fixes
The Register • Shaun Nichols in San Francisco • 11 Jun 2019

And Google drops a zero-day on Windows after deadline miss

Patch Tuesday Microsoft, Adobe, Intel, and SAP have all emitted their latest Patch Tuesday batch of security fixes. Users and admins are encouraged to test and install the updates as soon as humanly possible.
For those running Windows and Windows Server, you'll be interested in as many as 88 CVE-listed flaws that need addressing in Microsoft's products.
According to analysts at the Zero Day Initiative, a priority for admins should be a collection of four elevation-of-privilege vulner...

New CPDoS Web Cache Poisoning Attacks Impact Sites Using Popular CDNs
BleepingComputer • Ionut Ilascu • 01 Jan 1970

Details have emerged about a new class of web cache poisoning attacks that could be used to deny users access to resources delivered through a content delivery network (CDN).
Named Cache-Poisoned Denial of Service (CPDoS), the new method has several variations and works by sending an HTTP request with a malformed header.
CDNs have the property of reducing the traffic footprint on origin servers using their services by caching resources that are requested frequently by clients. A dire...