Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Multiple Vulnerabilities( 15 April 2009 )

Last Update Date: 28 Jan 2011 Release Date: 15 Apr 2009 4524 Views

RISK: Medium Risk

Medium Risk

1. Web Proxy TCP State Limited Denial of Service Vulnerability

A denial of service vulnerability exists in the way the firewall engine handles TCP state for Web proxy or Web publishing listeners. The vulnerability could allow a remote user to cause a Web listener to stop responding to new requests.

2. Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability exists in the HTML forms authentication component in ISA Server or Forefront TMG, cookieauth.dll, which could allow malicious script code to run on the machine of another user under the guise of the server running cookieauth.dll. This is a non-persistent cross-site scripting vulnerability that can lead to spoofing and information disclosure.

Impact

  • Denial of Service

System / Technologies affected

  • Microsoft Forefront Threat Management Gateway, Medium Business Edition
  • Microsoft Internet Security and Acceleration Server 2004
  • Microsoft Internet Security and Acceleration Server 2006

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft Office Excel Multiple Memory Corruption Vulnerabilities( 15 April 2009 )

15 Apr 2009 4452 Views

Next

Microsoft DirectShow MJPEG Decompression Vulnerability( 15 April 2009 )

15 Apr 2009 4461 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY