Summary

Netsparker identified a Remote Code Execution and DoS in HTTP.sys (IIS) (CVE-2015-1635) in the target web server.

The vulnerability allows attackers to execute arbitrary commands on the target system.

Impact

An attacker can execute arbitrary commands on the system.

Remediation
Upgrade your system by following these instructions.
Classifications
PCI v3.1-6.5.1, PCI v3.2-6.5.1, CAPEC-340, WASC-7, OWASP 2013-A1 , CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:W/RC:C