CVE-2015-0015

2015-01-1322:59:06

CWE-399

[email protected]

web.nvd.nist.gov

cve-2015-0015

microsoft

windows server

denial of service

nvd

radius

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

6.7 Medium

AI Score

Confidence

High

0.921 High

EPSS

Percentile

99.0%

JSON

Microsoft Windows Server 2003 SP2, Server 2008 SP2 and R2 SP1, and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (system hang and RADIUS outage) via crafted username strings to (1) Internet Authentication Service (IAS) or (2) Network Policy Server (NPS), aka “Network Policy Server RADIUS Implementation Denial of Service Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_server_2003sp2

microsoftwindows_server_2008Match-sp2

microsoftwindows_server_2008Matchr2sp1

microsoftwindows_server_2012Match-gold

microsoftwindows_server_2012Matchr2x64

CPENameOperatorVersion
microsoft:windows_server_2003microsoft windows server 2003eq*
microsoft:windows_server_2008microsoft windows server 2008eq-
microsoft:windows_server_2008microsoft windows server 2008eqr2
microsoft:windows_server_2012microsoft windows server 2012eq-
microsoft:windows_server_2012microsoft windows server 2012eqr2

CPE	Name	Operator	Version
microsoft:windows_server_2003	microsoft windows server 2003	eq	*
microsoft:windows_server_2008	microsoft windows server 2008	eq	-
microsoft:windows_server_2008	microsoft windows server 2008	eq	r2
microsoft:windows_server_2012	microsoft windows server 2012	eq	-
microsoft:windows_server_2012	microsoft windows server 2012	eq	r2