CVE-2016-0037

Published: Feb 10, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The forms-based authentication implementation in Active Directory Federation Services (ADFS) 3.0 in Microsoft Windows Server 2012 R2 allows remote attackers to cause a denial of service (daemon outage) via crafted data, aka "Microsoft Active Directory Federation Services Denial of Service Vulnerability."

Affected (3)

Products: Microsoft: Windows Server 2012

1 product

Windows Server 2012

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows Server 2012	Version r2
Microsoft Windows Server 2012	Version r2
Microsoft Windows Server 2012	Version r2

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://www.securityfocus.com/bid/82507

Source: secure@microsoft.com

http://www.securitytracker.com/id/1034984

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-020

Source: secure@microsoft.com

http://www.securityfocus.com/bid/82507

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1034984

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-020

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.