CVE-2018-16794

Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.
References
Link Resource
https://seclists.org/bugtraq/2018/Sep/26 Exploit Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2018/Sep/13 Exploit Mailing List Third Party Advisory
http://packetstormsecurity.com/files/149376/Microsoft-ADFS-4.0-Windows-Server-2016-Server-Side-Request-Forgery.html Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/105378 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:microsoft:active_directory_federation_services:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

Information

Published : 2018-09-18 14:29

Updated : 2018-11-20 11:27


NVD link : CVE-2018-16794

Mitre link : CVE-2018-16794


JSON object : View

CWE
CWE-918

Server-Side Request Forgery (SSRF)

Advertisement

dedicated server usa

Products Affected

microsoft

  • windows_server_2016
  • active_directory_federation_services