
Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Multiple Vulnerabilities (15 April 2009)

Last Update Date: 28 Jan 2011
Release Date: 15 Apr 2009

RISK: Medium Risk

1. Web Proxy TCP State Limited Denial of Service Vulnerability

A denial of service vulnerability exists in the way the firewall engine handles TCP state for Web proxy or Web publishing listeners. The vulnerability could allow a remote user to cause a Web listener to stop responding to new requests.

2. Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability exists in cookieauth.dll, the HTML forms authentication component in ISA Server or Forefront TMG. It could allow malicious script code to run on the machine of another user under the guise of the server running cookieauth.dll. This is a non-persistent cross-site scripting vulnerability that can lead to spoofing and information disclosure.