cvelistv5 - cve-2009-0237

cve-2009-0237

Vulnerability from cvelistv5

Published

2009-04-15 03:49

Modified

2024-08-07 04:24

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://osvdb.org/53637
secure@microsoft.com	http://secunia.com/advisories/34687
secure@microsoft.com	http://www.securitytracker.com/id?1022046
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-104A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2009/1030
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-016
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5771
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/53637
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34687
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1022046
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-104A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1030
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-016
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5771

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:24:18.379Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MS09-016",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-016"
          },
          {
            "name": "53637",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/53637"
          },
          {
            "name": "TA09-104A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:5771",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5771"
          },
          {
            "name": "ADV-2009-1030",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1030"
          },
          {
            "name": "1022046",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022046"
          },
          {
            "name": "34687",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34687"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-04-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via \"authentication input\" to this component, aka \"Cross-Site Scripting Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "MS09-016",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-016"
        },
        {
          "name": "53637",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/53637"
        },
        {
          "name": "TA09-104A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:5771",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5771"
        },
        {
          "name": "ADV-2009-1030",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1030"
        },
        {
          "name": "1022046",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022046"
        },
        {
          "name": "34687",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34687"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-0237",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via \"authentication input\" to this component, aka \"Cross-Site Scripting Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MS09-016",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-016"
            },
            {
              "name": "53637",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/53637"
            },
            {
              "name": "TA09-104A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:5771",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5771"
            },
            {
              "name": "ADV-2009-1030",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1030"
            },
            {
              "name": "1022046",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022046"
            },
            {
              "name": "34687",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34687"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-0237",
    "datePublished": "2009-04-15T03:49:00",
    "dateReserved": "2009-01-20T00:00:00",
    "dateUpdated": "2024-08-07T04:24:18.379Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-0237\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2009-04-15T08:00:00.577\",\"lastModified\":\"2024-11-21T00:59:24.857\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via \\\"authentication input\\\" to this component, aka \\\"Cross-Site Scripting Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en cookieauth.dll en el componente HTML forms authentication en Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); e Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, y 2006 SP1; permite a atacantes remotos inyectar c\u00f3digo web script o HTML de su elecci\u00f3n a trav\u00e9s de \\\"entrada de autenticaci\u00f3n\\\" a este componente, tambi\u00e9n conocido como \\\"Vulnerabilidad de secuencias de comandos en sitios cruzados\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:forefront_threat_management_gateway:-:-:medium_business:*:*:*:*:*\",\"matchCriteriaId\":\"034CCD4A-9B8D-466F-AEE7-82D25613BA67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_security_and_acceleration_server:2004:sp3:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"234D43DB-0FC3-4B94-8883-EEE99A427E69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_security_and_acceleration_server:2004:sp3:standard:*:*:*:*:*\",\"matchCriteriaId\":\"64ACA6AB-44C3-4B33-BEA1-04DFF004FA7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_security_and_acceleration_server:2006:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"62CDCE9A-440C-4268-9430-BCD5E79D6ABD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_security_and_acceleration_server:2006:supportability:*:*:*:*:*:*\",\"matchCriteriaId\":\"9171409D-53E1-472B-A8E8-A3471C4F3BC5\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/53637\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/34687\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1022046\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-104A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1030\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-016\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5771\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://osvdb.org/53637\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34687\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1022046\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-104A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1030\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-016\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5771\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2009-0237

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2009-0237

Aliases

CVE-2009-0237

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-0237",
    "description": "Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via \"authentication input\" to this component, aka \"Cross-Site Scripting Vulnerability.\"",
    "id": "GSD-2009-0237"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0237"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via \"authentication input\" to this component, aka \"Cross-Site Scripting Vulnerability.\"",
      "id": "GSD-2009-0237",
      "modified": "2023-12-13T01:19:44.912595Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2009-0237",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via \"authentication input\" to this component, aka \"Cross-Site Scripting Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "MS09-016",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-016"
          },
          {
            "name": "53637",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/53637"
          },
          {
            "name": "TA09-104A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:5771",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5771"
          },
          {
            "name": "ADV-2009-1030",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1030"
          },
          {
            "name": "1022046",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1022046"
          },
          {
            "name": "34687",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34687"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_security_and_acceleration_server:2006:supportability:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_security_and_acceleration_server:2006:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:forefront_threat_management_gateway:-:-:medium_business:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_security_and_acceleration_server:2004:sp3:standard:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_security_and_acceleration_server:2004:sp3:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-0237"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via \"authentication input\" to this component, aka \"Cross-Site Scripting Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "53637",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/53637"
            },
            {
              "name": "34687",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34687"
            },
            {
              "name": "TA09-104A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
            },
            {
              "name": "1022046",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1022046"
            },
            {
              "name": "ADV-2009-1030",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1030"
            },
            {
              "name": "oval:org.mitre.oval:def:5771",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5771"
            },
            {
              "name": "MS09-016",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-016"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-12T21:50Z",
      "publishedDate": "2009-04-15T08:00Z"
    }
  }
}

ghsa-xxfx-h76g-4vhr

Vulnerability from github

Published

2022-05-02 03:13

Modified

2022-05-02 03:13

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-0237"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-04-15T08:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via \"authentication input\" to this component, aka \"Cross-Site Scripting Vulnerability.\"",
  "id": "GHSA-xxfx-h76g-4vhr",
  "modified": "2022-05-02T03:13:43Z",
  "published": "2022-05-02T03:13:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0237"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-016"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5771"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/53637"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34687"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1022046"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1030"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2009-0237

Vulnerability from fkie_nvd

Published

2009-04-15 08:00

Modified

2024-11-21 00:59

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://osvdb.org/53637
secure@microsoft.com	http://secunia.com/advisories/34687
secure@microsoft.com	http://www.securitytracker.com/id?1022046
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-104A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2009/1030
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-016
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5771
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/53637
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34687
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1022046
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-104A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1030
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-016
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5771

Impacted products

Vendor	Product	Version
microsoft	forefront_threat_management_gateway	-
microsoft	internet_security_and_acceleration_server	2004
microsoft	internet_security_and_acceleration_server	2004
microsoft	internet_security_and_acceleration_server	2006
microsoft	internet_security_and_acceleration_server	2006

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_threat_management_gateway:-:-:medium_business:*:*:*:*:*",
              "matchCriteriaId": "034CCD4A-9B8D-466F-AEE7-82D25613BA67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_security_and_acceleration_server:2004:sp3:enterprise:*:*:*:*:*",
              "matchCriteriaId": "234D43DB-0FC3-4B94-8883-EEE99A427E69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_security_and_acceleration_server:2004:sp3:standard:*:*:*:*:*",
              "matchCriteriaId": "64ACA6AB-44C3-4B33-BEA1-04DFF004FA7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_security_and_acceleration_server:2006:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "62CDCE9A-440C-4268-9430-BCD5E79D6ABD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_security_and_acceleration_server:2006:supportability:*:*:*:*:*:*",
              "matchCriteriaId": "9171409D-53E1-472B-A8E8-A3471C4F3BC5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via \"authentication input\" to this component, aka \"Cross-Site Scripting Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en cookieauth.dll en el componente HTML forms authentication en Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); e Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, y 2006 SP1; permite a atacantes remotos inyectar c\u00f3digo web script o HTML de su elecci\u00f3n a trav\u00e9s de \"entrada de autenticaci\u00f3n\" a este componente, tambi\u00e9n conocido como \"Vulnerabilidad de secuencias de comandos en sitios cruzados\"."
    }
  ],
  "id": "CVE-2009-0237",
  "lastModified": "2024-11-21T00:59:24.857",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-04-15T08:00:00.577",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/53637"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/34687"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1022046"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2009/1030"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-016"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/53637"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5771"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via "authentication input" to this component, aka "Cross-Site Scripting Vulnerability.". An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

                National Cyber Alert System

          Technical Cyber Security Alert TA09-104A

Microsoft Updates for Multiple Vulnerabilities

Original release date: April 14, 2009 Last revised: -- Source: US-CERT

Systems Affected

 * Microsoft Windows
 * Microsoft Office
 * Microsoft Windows Server
 * Microsoft ISA Server

Overview

Microsoft has released updates that address vulnerabilities in Microsoft Windows, Office, Windows Server, and ISA Server.

I. Description

As part of the Microsoft Security Bulletin Summary for April 2009, Microsoft released updates to address vulnerabilities that affect Microsoft Windows, Office, Windows Server, and ISA Server.

II.

III. Solution

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for April 2009. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

IV. References

Microsoft Security Bulletin Summary for April 2009 - http://www.microsoft.com/technet/security/bulletin/ms09-apr.mspx
Microsoft Windows Server Update Services - http://technet.microsoft.com/en-us/wsus/default.aspx

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA09-104A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-104A Feedback VU#999892" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2009 by US-CERT, a government organization.

 <http://www.us-cert.gov/legal.html>

Revision History

April 14, 2009: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSeTi+XIHljM+H4irAQIIWQf/TWAkmQKay9j5fDLBcyMGJ3icTpG05Zp2 rM8UXMjKohKcDBhY1K9mxKxif5L81+y87PlBz/WTl3icn+57wAGMl/pAAeTz3Hp3 T98eKMXfzvVU57WDGGxy+4Ad57DIIF5hRkiGusDjnNJfd5kdH7q+8rPjPCUvtYAu H+0auzCpmob7NsIv/YuRXIHekkLiX5GPanhecy+mve1cvbSpXGKF9vf7LEGaFEsT 1XOtTeY0r4TjZEk/c5ahKqGehJINujvv4eVdiajqDOCVecaALi+p+XwMSLtlJvgK Vaa/ioPIFq8nNUz7eefVSadsary2RfmKegDwmg8FZX/UOso+tQ21KQ== =q59/ -----END PGP SIGNATURE----- . ----------------------------------------------------------------------

Secunia is pleased to announce the release of the annual Secunia report for 2008.

1) An error in the firewall engine when handling the TCP session state for Web proxy and Web publishing listeners can be exploited to cause a Web listener to stop responding to new requests via a specially crafted TCP packet.

2) Input passed to the HTML forms authentication component (cookieauth.dll) is not properly sanitised before being returned to users.

Successful exploitation of this vulnerability requires that Web publishing is enabled and HTML forms authentication is enabled on the default Web listener.

SOLUTION: Apply patches. 2) The vendor credits New York State Chief Information Officer / Office for Technology.

ORIGINAL ADVISORY: MS09-016 (KB961759, KB968075, KB960995, KB968078): http://www.microsoft.com/technet/security/Bulletin/MS09-016.mspx

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0228",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "forefront threat management gateway",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "internet security and acceleration server",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "microsoft",
        "version": "2006"
      },
      {
        "model": "internet security and acceleration server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "2004"
      },
      {
        "model": "forefront threat management gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "medium business edition"
      },
      {
        "model": "internet security and acceleration server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2006 supportability update"
      },
      {
        "model": "isa server supportability update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20060"
      },
      {
        "model": "isa server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2006"
      },
      {
        "model": "isa server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20060"
      },
      {
        "model": "forefront threat management gateway medium business edit",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34416"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001218"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-284"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0237"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:forefront_threat_management_gateway",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:microsoft:isa_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001218"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NYS CIO/OFT   NYECOM@oft.state.ny.us",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-284"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2009-0237",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2009-0237",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2009-0237",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-37683",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2009-0237",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2009-0237",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200904-284",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-37683",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-37683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001218"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-284"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0237"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via \"authentication input\" to this component, aka \"Cross-Site Scripting Vulnerability.\". \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n                    National Cyber Alert System\n\n              Technical Cyber Security Alert TA09-104A\n\n\nMicrosoft Updates for Multiple Vulnerabilities\n\n   Original release date: April 14, 2009\n   Last revised: --\n   Source: US-CERT\n\n\nSystems Affected\n\n     * Microsoft Windows\n     * Microsoft Office\n     * Microsoft Windows Server\n     * Microsoft ISA Server\n\n\nOverview\n\n   Microsoft has released updates that address vulnerabilities in\n   Microsoft Windows, Office, Windows Server, and ISA Server. \n\n\nI. Description\n\n   As part of the Microsoft Security Bulletin Summary for April 2009,\n   Microsoft released updates to address vulnerabilities that affect\n   Microsoft Windows, Office, Windows Server, and ISA Server. \n\n\nII. \n\n\nIII. Solution\n\n   Microsoft has provided updates for these vulnerabilities in the\n   Microsoft Security Bulletin Summary for April 2009. The security\n   bulletin describes any known issues related to the updates. \n   Administrators are encouraged to note these issues and test for any\n   potentially adverse effects. Administrators should consider using\n   an automated update distribution system such as Windows Server\n   Update Services (WSUS). \n\n\nIV. References\n\n * Microsoft Security Bulletin Summary for April 2009 -\n   \u003chttp://www.microsoft.com/technet/security/bulletin/ms09-apr.mspx\u003e\n\n * Microsoft Windows Server Update Services -\n   \u003chttp://technet.microsoft.com/en-us/wsus/default.aspx\u003e\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA09-104A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA09-104A Feedback VU#999892\" in\n   the subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2009 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n  \n  April 14, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeTi+XIHljM+H4irAQIIWQf/TWAkmQKay9j5fDLBcyMGJ3icTpG05Zp2\nrM8UXMjKohKcDBhY1K9mxKxif5L81+y87PlBz/WTl3icn+57wAGMl/pAAeTz3Hp3\nT98eKMXfzvVU57WDGGxy+4Ad57DIIF5hRkiGusDjnNJfd5kdH7q+8rPjPCUvtYAu\nH+0auzCpmob7NsIv/YuRXIHekkLiX5GPanhecy+mve1cvbSpXGKF9vf7LEGaFEsT\n1XOtTeY0r4TjZEk/c5ahKqGehJINujvv4eVdiajqDOCVecaALi+p+XwMSLtlJvgK\nVaa/ioPIFq8nNUz7eefVSadsary2RfmKegDwmg8FZX/UOso+tQ21KQ==\n=q59/\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \n\n1) An error in the firewall engine when handling the TCP session\nstate for Web proxy and Web publishing listeners can be exploited to\ncause a Web listener to stop responding to new requests via a\nspecially crafted TCP packet. \n\n2) Input passed to the HTML forms authentication component\n(cookieauth.dll) is not properly sanitised before being returned to\nusers. \n\nSuccessful exploitation of this vulnerability requires that Web\npublishing is enabled and HTML forms authentication is enabled on the\ndefault Web listener. \n\nSOLUTION:\nApply patches. \n2) The vendor credits New York State Chief Information Officer /\nOffice for Technology. \n\nORIGINAL ADVISORY:\nMS09-016 (KB961759, KB968075, KB960995, KB968078):\nhttp://www.microsoft.com/technet/security/Bulletin/MS09-016.mspx\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-0237"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001218"
      },
      {
        "db": "BID",
        "id": "34416"
      },
      {
        "db": "VULHUB",
        "id": "VHN-37683"
      },
      {
        "db": "PACKETSTORM",
        "id": "76655"
      },
      {
        "db": "PACKETSTORM",
        "id": "76632"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-0237",
        "trust": 2.8
      },
      {
        "db": "USCERT",
        "id": "TA09-104A",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "34687",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1022046",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-1030",
        "trust": 2.5
      },
      {
        "db": "OSVDB",
        "id": "53637",
        "trust": 2.5
      },
      {
        "db": "USCERT",
        "id": "SA09-104A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001218",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "TA09-104A",
        "trust": 0.6
      },
      {
        "db": "MS",
        "id": "MS09-016",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-284",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "34416",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-37683",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "76655",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "76632",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-37683"
      },
      {
        "db": "BID",
        "id": "34416"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001218"
      },
      {
        "db": "PACKETSTORM",
        "id": "76655"
      },
      {
        "db": "PACKETSTORM",
        "id": "76632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-284"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0237"
      }
    ]
  },
  "id": "VAR-200904-0228",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-37683"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:51:13.991000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MS09-016",
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/MS09-016.mspx"
      },
      {
        "title": "MS09-016",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/technet/security/bulletin/MS09-016.mspx"
      },
      {
        "title": "MS09-016e",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/security/bulletins/MS09-016e.mspx"
      },
      {
        "title": "TA09-104A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-104a.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001218"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-37683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001218"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0237"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-104a.html"
      },
      {
        "trust": 2.5,
        "url": "http://osvdb.org/53637"
      },
      {
        "trust": 2.5,
        "url": "http://www.securitytracker.com/id?1022046"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/34687"
      },
      {
        "trust": 2.5,
        "url": "http://www.vupen.com/english/advisories/2009/1030"
      },
      {
        "trust": 1.1,
        "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-016"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5771"
      },
      {
        "trust": 1.0,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms09-016.mspx"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0237"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2009/at090007.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta09-104a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/jvntr-2009-10/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0237"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa09-104a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/#topics"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-104a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms09-apr.mspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://technet.microsoft.com/en-us/wsus/default.aspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/downloads/details.aspx?familyid=6abf9fb4-42d0-4c67-935f-8dc67850148b"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/downloads/details.aspx?familyid=adf623fa-2d74-4f2a-9835-4b8debdb0e1b"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/34687/"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/downloads/details.aspx?familyid=eda30bcc-0582-4f60-a4c5-ea5000b7c770"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/downloads/details.aspx?familyid=d1d55ab6-3de5-4811-9693-8d43f49f5fe8"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/try_vi/request_2008_report/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-37683"
      },
      {
        "db": "BID",
        "id": "34416"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001218"
      },
      {
        "db": "PACKETSTORM",
        "id": "76655"
      },
      {
        "db": "PACKETSTORM",
        "id": "76632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-284"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0237"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-37683"
      },
      {
        "db": "BID",
        "id": "34416"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001218"
      },
      {
        "db": "PACKETSTORM",
        "id": "76655"
      },
      {
        "db": "PACKETSTORM",
        "id": "76632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-284"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0237"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-04-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-37683"
      },
      {
        "date": "2009-04-14T00:00:00",
        "db": "BID",
        "id": "34416"
      },
      {
        "date": "2009-05-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001218"
      },
      {
        "date": "2009-04-15T00:10:24",
        "db": "PACKETSTORM",
        "id": "76655"
      },
      {
        "date": "2009-04-14T15:11:48",
        "db": "PACKETSTORM",
        "id": "76632"
      },
      {
        "date": "2009-04-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-284"
      },
      {
        "date": "2009-04-15T08:00:00.577000",
        "db": "NVD",
        "id": "CVE-2009-0237"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-37683"
      },
      {
        "date": "2009-04-14T19:26:00",
        "db": "BID",
        "id": "34416"
      },
      {
        "date": "2009-05-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001218"
      },
      {
        "date": "2009-04-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-284"
      },
      {
        "date": "2024-11-21T00:59:24.857000",
        "db": "NVD",
        "id": "CVE-2009-0237"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-284"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft Forefront TMG MBE and  ISA Server of  HTML Cross-site scripting vulnerability in forms authentication",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001218"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "76632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-284"
      }
    ],
    "trust": 0.7
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2009-0237

Vulnerability from cvelistv5

gsd-2009-0237

Vulnerability from gsd

ghsa-xxfx-h76g-4vhr

Vulnerability from github

fkie_cve-2009-0237

Vulnerability from fkie_nvd

var-200904-0228

Vulnerability from variot

Tags

Sightings

Nomenclature