CVE-2016-0037 — Improper Input Validation in Microsoft Windows Server 2012

CWE-20 — Improper Input Validation5 documents4 sources

Severity

7.5HIGHNVD

EPSS

43.8%

top 2.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2012

Timeline

PublishedFeb 10

Latest updateMay 14

Description

The forms-based authentication implementation in Active Directory Federation Services (ADFS) 3.0 in Microsoft Windows Server 2012 R2 allows remote attackers to cause a denial of service (daemon outage) via crafted data, aka "Microsoft Active Directory Federation Services Denial of Service Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDmicrosoft/windowsr2

🔴Vulnerability Details

GHSA

GHSA-cwpc-m69r-9cc3: The forms-based authentication implementation in Active Directory Federation Services (ADFS) 3↗2022-05-14

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - February 2016↗2016-02-09

▶

Talos

Microsoft Patch Tuesday - February 2016↗2016-02-09

▶

💬Community

Bugzilla

CVE-2016-1515 libebml: Multiple ElementList Double Free Vulnerabilities↗2017-01-12

▶