This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.
The remote host contains an application that is affected by multiple
The version of Microsoft ISA Server or Forefront Threat Management
Gateway installed on the remote host is affected by one or both of the
following vulnerabilities :
- By sending a series of specially crafted packets, an
anonymous remote attacker can create orphaned open
sessions in the firewall engine, thereby denying
service to legitimate users. (CVE-2009-0077)
- A non-persistent cross-site scripting vulnerability
exists in the application due to its failure to sanitize
input to its 'cookieauth.dll' script. (CVE-2009-0237)
See also :
Microsoft has released a set of patches for ISA Server 2004 and 2006
as well as Forefront Threat Management Gateway.
Risk factor :
Medium / CVSS Base Score : 5.8
CVSS Temporal Score : 4.8
Public Exploit Available : true
Family: Windows : Microsoft Bulletins
Nessus Plugin ID: 36154 ()
Bugtraq ID: 3441434416
CVE ID: CVE-2009-0077CVE-2009-0237
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.