VYPR
Low severity3.7NVD Advisory· Published Apr 12, 2017· Updated Jun 17, 2026

CVE-2017-0159

CVE-2017-0159

Description

A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka "ADFS Security Feature Bypass Vulnerability."

Affected products

6
  • cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
  • Microsoft/Windowsllm-fuzzy2 versions
    10 1607, Server 2012 R2, 2016+ 1 more
    • (no CPE)range: 10 1607, Server 2012 R2, 2016
    • (no CPE)range: Windows 10 1607, Windows Server 2012 R2, and Windows 2016

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.