Imperva Security Response to CVE-2015-1635 (Microsoft Security Bulletin MS15-034 - Critical)

Imperva SecureSphere appliances are not vulnerable to CVE-2015-1635.

To virtually patch your applications that may be vulnerable to CVE-2015-1635 with SecureSphere, Imperva recommends that customers manually implement a custom SecureSphere signature or policy which is available in the Imperva Knowledge Base (Customer Support Portal).

Due to the critical nature of this Microsoft Security Bulletin, Imperva recommends patching all of your affected Windows servers immediately.

On April 14, 2015 Microsoft published Security Bulletin MS15-034 (also known as CVE-2015-1635), which is categorized as “Critical”, and issued a patch for this vulnerability.

This vulnerability pertaining to HTTP.sys could allow remote code execution if an attacker sends a particular HTTP request to an affected Windows system. HTTP.sys was introduced with IIS 6.

The vulnerability affects the following Windows and IIS versions, which use HTTP.sys:

  • Windows 7
  • Windows Server 2008 R2
  • Windows 8
  • Windows Server 2012
  • Windows 8.1
  • Windows Server 2012 R2
These affected versions contain an integer overflow condition in the HTTP protocol stack (HTTP.sys) that is triggered when handling the 'Range' header. This may allow a remote attacker to perform a buffer overflow attack, and potentially execute arbitrary code with system privileges.

Impact to Imperva SecureSphere Customers
Imperva SecureSphere is not vulnerable because SecureSphere appliances do not leverage the Microsoft Windows operating system. As a result, SecureSphere is not susceptible to this Windows/IIS vulnerability.

Imperva recommends patching all affected Windows servers immediately.

Protecting Applications:
The Imperva Application Defense Center (ADC) will publish a signature for CVE-2015-1635 on April 28, 2015. Until that time, technical details on how to manually implement the custom signature or policy to protect vulnerable applications with SecureSphere is available in the Imperva Knowledge Base (Customer Support Portal).