Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Microsoft Active Directory Federation Services 安全漏洞
Vulnerability Description
Microsoft Active Directory Federation Services(ADFS)是美国微软(Microsoft)公司推出的一项活动目录联合服务。该服务提供Web单一登入(SSO)技术,可实现在一次会话过程中对多个网站(或应用程序)验证某个使用者。 Microsoft ADFS 4.0及之前版本(Windows Server 2016)中存在服务器端请求伪造漏洞。远程攻击者可借助/adfs/ls中的‘txtBoxEmail’参数利用该漏洞迫使受影响的服务器向任意远程服务器发送请求。
CVSS Information
N/A
Vulnerability Type
N/A