CVE-2016-0050

MEDIUM

Microsoft Windows Server 2008 and 2012 - Denial of Service via RADIUS Authentication Request Parsing

Title source: llm
STIX 2.1

Description

Network Policy Server (NPS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 misparses username queries, which allows remote attackers to cause a denial of service (RADIUS authentication outage) via crafted requests, aka "Network Policy Server RADIUS Implementation Denial of Service Vulnerability."

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034986

Scores

CVSS v3 5.3
EPSS 0.2066
EPSS Percentile 97.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

CWE
CWE-20
Status published
Products (4)
microsoft/windows_server_2008
microsoft/windows_server_2008 r2 sp1
microsoft/windows_server_2012
microsoft/windows_server_2012 r2 (3 CPE variants)
Published Feb 10, 2016
Tracked Since Feb 18, 2026