CVE-2016-0037
published 2016-02-10CVE-2016-0037: The forms-based authentication implementation in Active Directory Federation Services (ADFS) 3.0 in Microsoft Windows Server 2012 R2 allows remote attackers to…
PriorityP345high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EPSS
26.26%
97.7th percentile
The forms-based authentication implementation in Active Directory Federation Services (ADFS) 3.0 in Microsoft Windows Server 2012 R2 allows remote attackers to cause a denial of service (daemon outage) via crafted data, aka "Microsoft Active Directory Federation Services Denial of Service Vulnerability."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2012 | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - February 2016
blogs_talos·2016-02-09·CVSS 7.8
[HIGH] Microsoft Patch Tuesday - February 2016
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains twelve bulletins addressing 37 vulnerabilities. Five bulletins are rated critical and address vulnerabilities in Internet Explorer, Edge, Windows Journal, Office and Windows PDF. The remaining seven bulletins are rated important and address vulnerabilities in the Network Policy Server (NPS), Active Directory, Windows, Remote Desktop Protocol, WebDAV, Kernel Mode Driver and the .NET Framework.
## Bulletins Rated Critical
Microsoft bulletins MS16-009, MS16-011 through MS16-013, and MS16-015 are rated as critical in this month's release.
MS16-009 and MS16-011 are this month's Internet Explorer and Edge security bulletin resp
Talos
Microsoft Patch Tuesday - February 2016
blogs_talos·2016-02-09·CVSS 7.8
[HIGH] Microsoft Patch Tuesday - February 2016
## Microsoft Patch Tuesday - February 2016
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains twelve bulletins addressing 37 vulnerabilities. Five bulletins are rated critical and address vulnerabilities in Internet Explorer, Edge, Windows Journal, Office and Windows PDF. The remaining seven bulletins are rated important and address vulnerabilities in the Network Policy Server (NPS), Active Directory, Windows, Remote Desktop Protocol, WebDAV, Kernel Mode Driver and the .NET Framework.
## Bulletins Rated Critical
Microsoft bulletins MS16-009, MS16-011 through MS16-013, and MS16-015 are rated as critical in this month's release.
MS16-009 and MS16-011 are this month's Inter
Bugzilla
CVE-2016-1515 libebml: Multiple ElementList Double Free Vulnerabilities
bugzilla·2017-01-12·CVSS 9.6
CVE-2016-1515 [CRITICAL] CVE-2016-1515 libebml: Multiple ElementList Double Free Vulnerabilities
CVE-2016-1515 libebml: Multiple ElementList Double Free Vulnerabilities
A vulnerability was found in libebml. A use after free/double free vulnerability can occur in libebml while parsing Track elements of the MKV container which would crash the application.
References:
http://www.talosintelligence.com/reports/TALOS-2016-0037/
Discussion:
Created libebml tracking bugs for this issue:
Affects: epel-all [bug 1412634]
Affects: fedora-all [bug 1412633]
---
Upon closer investigation, I believe it is a duplicate of CVE-2015-8789 (bug 1276332) and will close it as such upon confirmation from upstream.
---
*** This bug has been marked as a duplicate of bug 1276332 ***
http://www.securityfocus.com/bid/82507http://www.securitytracker.com/id/1034984https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-020http://www.securityfocus.com/bid/82507http://www.securitytracker.com/id/1034984https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-020
2016-02-10
Published