Signature Detail
Short Name |
HTTP:IIS:ADFS-MAL-HEADER |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Active Directory Federation Services Malicious Header Remote Code Execution |
Release Date |
2009/12/08 |
Update Number |
1551 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Active Directory Federation Services Malicious Header Remote Code Execution
This signature detects attempts to exploit a known vulnerability against Active Directory Federation Services. A successful attack can lead to arbitrary remote code execution within the context of the affected application.
Extended Description
Microsoft Active Directory Federation Services (ADFS) is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the application, which may aid in further attacks.
Affected Products
- Microsoft Windows Server 2008 R2
- Microsoft Windows Server 2003 SP1
- Microsoft Windows Server 2003 SP2
- Microsoft Windows Server 2003 Datacenter Edition SP1
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows Server 2003 Datacenter x64 Edition SP2
- Microsoft Windows Server 2003 Datacenter x64 Edition
- Microsoft Windows Server 2003 Enterprise Edition SP1
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Enterprise x64 Edition SP2
- Microsoft Windows Server 2003 Enterprise x64 Edition
- Microsoft Windows Server 2003 Standard Edition SP1
- Microsoft Windows Server 2003 Standard Edition SP2
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Standard x64 Edition
- Microsoft Windows Server 2003 Web Edition SP1
- Microsoft Windows Server 2003 Web Edition SP2
- Microsoft Windows Server 2003 Web Edition
- Microsoft Windows Server 2003 x64 SP1
- Microsoft Windows Server 2003 x64 SP2
- Microsoft Windows Server 2008 SP2 Beta
- Microsoft Windows Server 2008 Datacenter Edition SP2
- Microsoft Windows Server 2008 Datacenter Edition
- Microsoft Windows Server 2008 Enterprise Edition SP2
- Microsoft Windows Server 2008 Enterprise Edition
- Microsoft Windows Server 2008 for 32-bit Systems SP2
- Microsoft Windows Server 2008 for 32-bit Systems
- Microsoft Windows Server 2008 for x64-based Systems R2
- Microsoft Windows Server 2008 for x64-based Systems SP2
- Microsoft Windows Server 2008 for x64-based Systems
- Microsoft Windows Server 2008 R2 Datacenter
- Microsoft Windows Server 2008 Standard Edition SP2
- Microsoft Windows Server 2008 Standard Edition
References
- BugTraq: 37214
- CVE: CVE-2009-2509