Информационная безопасность
[RU] switch to English


DoS против Microsoft ISA Server / Forefront Threat Management Gateway
Опубликовано:15 апреля 2009 г.
Источник:
SecurityVulns ID:9840
Тип:удаленная
Уровень опасности:
6/10
Описание:DoS через TCP-соединения к обратному HTTP прокси, межсайтовый скриптинг.
Затронутые продукты:MICROSOFT : ISA Server 2004
 MICROSOFT : ISA Server 2006
 MICROSOFT : Forefront TMG
CVE:CVE-2009-0237 (Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via "authentication input" to this component, aka "Cross-Site Scripting Vulnerability.")
 CVE-2009-0077 (The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the session state of web listeners, which allows remote attackers to cause a denial of service (many stale sessions) via crafted packets, aka "Web Proxy TCP State Limited Denial of Service Vulnerability.")
Оригинальный текстdocumentMICROSOFT, Microsoft Security Bulletin MS09-016 - Important Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759) (15.04.2009)
Файлы:Microsoft Security Bulletin MS09-016 - Important Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород