Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726) |
Informations | |||
---|---|---|---|
Name | MS09-070 | First vendor Publication | 2009-12-08 |
Vendor | Microsoft | Last vendor Modification | 2009-12-09 |
Severity (Vendor) | Important | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.1 (December 9, 2009): Corrected the SMS 2.0 and SMS 2003 with SUIT entries for Windows Server 2003 x64 Edition Service Pack 2 in the SMS table. This is an information change only.Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if an attacker sent a specially crafted HTTP request to an ADFS-enabled Web server. An attacker would need to be an authenticated user in order to exploit either of these vulnerabilities. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS09-070.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-255 | Credentials Management |
50 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5882 | |||
Oval ID: | oval:org.mitre.oval:def:5882 | ||
Title: | Single Sign On Spoofing in ADFS Vulnerability | ||
Description: | The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2508 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6441 | |||
Oval ID: | oval:org.mitre.oval:def:6441 | ||
Title: | Remote Code Execution in ADFS Vulnerability | ||
Description: | Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2509 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 | |
Os | 4 |
OpenVAS Exploits
Date | Description |
---|---|
2009-12-09 | Name : Microsoft Windows ADFS Remote Code Execution Vulnerability (971726) File : nvt/secpod_ms09-070.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
60836 | Microsoft Windows Active Directory Federation Services (ADFS) Request Header ... |
60835 | Microsoft Windows Active Directory Federation Services (ADFS) Single Sign-on ... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-12-10 | IAVM : 2009-A-0125 - Multiple Vulnerabilities in Microsoft Active Directory Federation Services (A... Severity : Category II - VMSKEY : V0022100 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Active Directory Federation Services code execution attempt RuleID : 20675 - Revision : 5 - Type : SERVER-IIS |
2014-01-10 | ADFS custom header arbitrary code execution attempt RuleID : 16312 - Revision : 6 - Type : SERVER-IIS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-12-08 | Name : Arbitrary code can be executed on the remote host through Microsoft Active Di... File : smb_nt_ms09-070.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:46:24 |
|
2014-01-19 21:30:24 |
|
2013-11-11 12:41:14 |
|