Computer Security


Microsoft ISA Server / Forefront Threat Management Gateway DoS
Published: 15.04.2009
Source:
SecurityVulns ID: 9840
Type: remote
Threat Level: 6/10
Description: DoS with TCP connections to reverse HTTP proxy, cross-site scripting.
Affected: MICROSOFT : ISA Server 2004
 MICROSOFT : ISA Server 2006
 MICROSOFT : Forefront TMG
CVE: CVE-2009-0237 (Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via "authentication input" to this component, aka "Cross-Site Scripting Vulnerability.")
 CVE-2009-0077 (The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the session state of web listeners, which allows remote attackers to cause a denial of service (many stale sessions) via crafted packets, aka "Web Proxy TCP State Limited Denial of Service Vulnerability.")
Original document: MICROSOFT, Microsoft Security Bulletin MS09-016 - Important Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759) (15.04.2009)
Files: Microsoft Security Bulletin MS09-016 - Important Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod