Lucene search

[email protected]CVE-2009-2508

HistoryDec 09, 2009 - 6:30 p.m.

CVE-2009-2508

2009-12-0918:30:00

CWE-255

[email protected]

web.nvd.nist.gov

active directory federation services

adfs

microsoft

windows server

cve-2009-2508

single sign on

spoofing

vulnerability

6.4 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

30.4%

JSON

The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser’s cache, aka “Single Sign On Spoofing in ADFS Vulnerability.”

CPENameOperatorVersion
microsoft:windows_server_2008microsoft windows server 2008eq*
microsoft:windows_server_2003microsoft windows server 2003eq*

CPE	Name	Operator	Version
microsoft:windows_server_2008	microsoft windows server 2008	eq	*
microsoft:windows_server_2003	microsoft windows server 2003	eq	*

References

www.us-cert.gov/cas/techalerts/TA09-342A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-070

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5882

6.4 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

30.4%

JSON

Related for CVE-2009-2508

prion1 seebug1 openvas2 nessus1 securityvulns2