Oval Definition:	oval:org.mitre.oval:def:28782
Revision Date: 2015-08-10 Version: 23 Title: Active Directory Federation Services information disclosure vulnerability - CVE-2015-1638 (MS15-040) Description: Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability." Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2015-1638 Platform(s): Microsoft Windows Server 2012 R2 Product(s): Microsoft Active Directory Federation Services Definition Synopsis Microsoft Windows Server 2012 R2 is installed AND Microsoft Active Directory Federation Services is installed AND Check if the version of Microsoft.identityserver.dll is less than 6.3.9600.17720
BACK