CVE-2013-3185

Опубликовано: 14 авг. 2013

Источник: nvd

CVSS2: 5

EPSS Средний

Описание

Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote attackers to obtain sensitive information about the service account, and possibly conduct account-lockout attacks, by connecting to an endpoint, aka "AD FS Information Disclosure Vulnerability."

Ссылки

http://www.us-cert.gov/ncas/alerts/TA13-225A
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-066
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18318
http://www.us-cert.gov/ncas/alerts/TA13-225A
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-066
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18318

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:microsoft:active_directory_federation_services:2.0:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:active_directory_federation_services:2.1:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.26526

Средний

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-m49c-rgc9-hfgh

github

больше 3 лет назад