CVE-2019-1006

Usage: Enter "python CVE-2019-1006py "url"" in the terminal, where url is the URL of the RDG Gateway server to be tested. For example: python CVE-2019-1006py "wwwaaacom/"

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.

| Vulnerable Product |
|---|
| microsoft .net_framework 2.0 |
| microsoft .net_framework 3.0 |
| microsoft .net_framework 3.5 |
| microsoft .net_framework 4.7.2 |
| microsoft .net_framework 4.8 |
| microsoft .net_framework 3.5.1 |
| microsoft .net_framework 4.5.2 |
| microsoft .net_framework 4.6 |
| microsoft .net_framework 4.6.1 |
| microsoft .net_framework 4.6.2 |
| microsoft .net_framework 4.7 |
| microsoft .net_framework 4.7.1 |
| microsoft windows 10 1803 |
| microsoft windows 10 1809 |
| microsoft windows 10 1903 |
| microsoft windows server 2008 - |
| microsoft sharepoint enterprise server 2016 |
| microsoft sharepoint foundation 2013 |
| microsoft windows rt 8.1 - |
| microsoft windows 10 1607 |
| microsoft windows 10 1709 |
| microsoft windows server 2008 r2 |
| microsoft windows server 2012 - |
| microsoft sharepoint server 2019 |
| microsoft identitymodel 7.0.0 |
| microsoft windows 7 - |
| microsoft windows 8.1 - |
| microsoft windows server 2016 - |
| microsoft windows server 2016 1803 |
| microsoft windows server 2016 1903 |
| microsoft windows server 2019 - |
| microsoft sharepoint enterprise server 2013 |
| microsoft sharepoint foundation 2010 |
| microsoft windows 10 - |
| microsoft windows 10 1703 |
| microsoft windows server 2012 r2 |

Microsoft Patch Tuesday – July 2019

Posted: 10 Jul, 2019

This month the vendor has patched 77 vulnerabilities, 16 of which are rated Critical.

As always, customers are advised to follow these security best practices: Install vendor patches as soon as they are available. Run all software with the least privileges required while still maintaining functionality. Avoid h...