Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
TitleVulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)
Informations
NameMS09-016First vendor Publication2009-04-14
VendorMicrosoftLast vendor Modification2009-07-23
Severity (Vendor) ImportantRevision1.2

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Revision Note: V1.2 (July 23, 2009): Added a link to Microsoft Knowledge Base Article 961759 under Known Issues in the Executive Summary.Summary: This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Forefront Threat Management Gateway (TMG), Medium Business Edition (MBE). These vulnerabilities could allow denial of service if an attacker sends specially crafted network packets to the affected system, or information disclosure or spoofing if a user clicks on a malicious URL or visits a Web site that contains content controlled by the attacker.

Original Source

Url : http://www.microsoft.com/technet/security/bulletin/MS09-016.mspx

CWE : Common Weakness Enumeration

idName
CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:6068
 
Oval ID: oval:org.mitre.oval:def:6068
Title: Web Proxy TCP State Limited Denial of Service Vulnerability
Description: The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the session state of web listeners, which allows remote attackers to cause a denial of service (many stale sessions) via crafted packets, aka "Web Proxy TCP State Limited Denial of Service Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-0077
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Microsoft Forefront Threat Management Gateway
Microsoft Internet Security and Acceleration Server 2004
Microsoft Internet Security and Acceleration Server 2006
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5771
 
Oval ID: oval:org.mitre.oval:def:5771
Title: Cross-Site Scripting Vulnerability
Description: Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via "authentication input" to this component, aka "Cross-Site Scripting Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-0237
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows Server 2003
Product(s): Microsoft Forefront Threat Management Gateway
Microsoft Internet Security and Acceleration Server 2006
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1
Application4

OpenVAS Exploits

DateDescription
2009-04-23Name : Microsoft ISA Server and Forefront Threat Management Gateway DoS Vulnerabilit...
File : nvt/secpod_ms09-016.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
53637Microsoft ISA Server / Forefront Threat Management Gateway (TMG) Forms Authen...
53636Microsoft ISA Server / Forefront Threat Management Gateway (TMG) Web Proxy TC...

Information Assurance Vulnerability Management (IAVM)

DateDescription
2009-04-16IAVM : 2009-T-0022 - Multiple Vulnerabilities in Microsoft ISA Server and Microsoft Forefront Thre...
Severity : Category II - VMSKEY : V0018781

Snort® IPS/IDS

DateDescription
2014-01-10Microsoft ISA and Forefront Threat Management Web Proxy TCP Listener denial o...
RuleID : 16221 - Revision : 11 - Type : OS-WINDOWS
2014-01-10Microsoft Windows ISA Server cross-site scripting attempt
RuleID : 15475 - Revision : 9 - Type : OS-WINDOWS
2014-01-10Microsoft ISA Server and Forefront Threat Management Gateway invalid RST deni...
RuleID : 15474 - Revision : 5 - Type : BAD-TRAFFIC

Nessus® Vulnerability Scanner

DateDescription
2009-04-14Name : The remote host contains an application that is affected by multiple vulnerab...
File : smb_nt_ms09-016.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2014-02-17 11:46:13
  • Multiple Updates
2014-01-19 21:30:18
  • Multiple Updates
2013-11-11 12:41:11
  • Multiple Updates