Lucene search

[email protected]CVE-2009-2509

HistoryDec 09, 2009 - 6:30 p.m.

CVE-2009-2509

2009-12-0918:30:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2009-2509

active directory federation services

adfs

microsoft

windows server

remote code execution

vulnerability

http

iis

security

nvd

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.093 Low

EPSS

Percentile

94.8%

JSON

Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka “Remote Code Execution in ADFS Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_server_2003sp2

microsoftwindows_server_2008x32

microsoftwindows_server_2008x64

microsoftwindows_server_2008sp2x32

microsoftwindows_server_2008sp2x64

CPENameOperatorVersion
microsoft:windows_server_2003microsoft windows server 2003eq*
microsoft:windows_server_2008microsoft windows server 2008eq*

CPE	Name	Operator	Version
microsoft:windows_server_2003	microsoft windows server 2003	eq	*
microsoft:windows_server_2008	microsoft windows server 2008	eq	*

References

www.us-cert.gov/cas/techalerts/TA09-342A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-070

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6441

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.093 Low

EPSS

Percentile

94.8%

JSON

Related for CVE-2009-2509

cvelist1 prion1 seebug1 checkpoint_advisories1 nvd1 openvas2 nessus1 securityvulns2