CVE-2017-0159

LOW

Windows 10 1607, Windows Server 2012 R2, and Windows Server 2016 - ADFS Extranet Request Mishandling Security Bypass

Title source: llm

Description

A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka "ADFS Security Feature Bypass Vulnerability."

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/97449

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0159

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1038243

Scores

CVSS v3 3.7

EPSS 0.0505

EPSS Percentile 89.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

Status published

Products (5)

microsoft/windows_10 1607

microsoft/windows_10 1703

microsoft/windows_server_2012 r2

microsoft/windows_server_2016

Microsoft Corporation/Windows Windows 10 1607, Windows Server 2012 R2, and Windows 2016

Published Apr 12, 2017

Tracked Since Feb 18, 2026