Lucene search

[email protected]CVE-2009-2509

HistoryDec 09, 2009 - 6:30 p.m.

CVE-2009-2509

2009-12-0918:30:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2009-2509

active directory federation services

adfs

microsoft

windows server

remote code execution

vulnerability

http

iis

security

nvd

7.4 High

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.118 Low

EPSS

Percentile

95.2%

JSON

Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka “Remote Code Execution in ADFS Vulnerability.”

CPENameOperatorVersion
microsoft:windows_server_2008microsoft windows server 2008eq*
microsoft:windows_server_2003microsoft windows server 2003eq*

CPE	Name	Operator	Version
microsoft:windows_server_2008	microsoft windows server 2008	eq	*
microsoft:windows_server_2003	microsoft windows server 2003	eq	*

References

www.us-cert.gov/cas/techalerts/TA09-342A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-070

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6441

7.4 High

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.118 Low

EPSS

Percentile

95.2%

JSON

Related for CVE-2009-2509

seebug1 checkpoint_advisories1 prion1 nessus1 openvas2 securityvulns2