- Home
- CVEs with nessus.description==The version of Microsoft Active Directory Federation Services (ADFS) installed on the remote host is affected by the following vulnerabilities :
- Insufficient session management validation in the single sign-on functionality of ADFS could allow a remote, authenticated user to spoof the identity of another user. (CVE-2009-2508)
- Incorrect validation of request headers when a remote, authenticated user connects to an ADFS-enabled web server could be leveraged to perform actions on the affected IIS server with the same rights as the Worker Process Identity (WPI), which by default is configured with Network Service account privileges.
(CVE-2009-2509)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top