 |
|
|
|
| Microsoft ISA Server / Forefront Threat Management Gateway DoS | | Published: |  | 15.04.2009 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 9840 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | DoS with TCP connections to reverse HTTP proxy, crossite scripting. |
| Affected: |  | MICROSOFT : ISA Server 2004 | | | | MICROSOFT : ISA Server 2006 | | | | MICROSOFT : Forefront TMG | | CVE: |  | CVE-2009-0237 (Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via "authentication input" to this component, aka "Cross-Site Scripting Vulnerability.") | | | | CVE-2009-0077 (The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the session state of web listeners, which allows remote attackers to cause a denial of service (many stale sessions) via crafted packets, aka "Web Proxy TCP State Limited Denial of Service Vulnerability.") |
|
|
|
|
|
|
|
|
