First published: Wed Apr 15 2009(Updated: )
Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via "authentication input" to this component, aka "Cross-Site Scripting Vulnerability."
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Forefront Threat Management Gateway (TMG) | ||
McAfee SecurityShield for Microsoft ISA Server | =2004-sp3 | |
McAfee SecurityShield for Microsoft ISA Server | =2004-sp3 | |
McAfee SecurityShield for Microsoft ISA Server | =2006-sp1 | |
McAfee SecurityShield for Microsoft ISA Server | =2006-supportability |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2009-0237 is classified as a medium severity cross-site scripting (XSS) vulnerability.
To fix CVE-2009-0237, ensure you are running the latest patches and updates provided by Microsoft for affected versions.
CVE-2009-0237 affects Microsoft Internet Security and Acceleration Server 2004 SP3, 2006, and Microsoft Forefront Threat Management Gateway.
CVE-2009-0237 is a cross-site scripting (XSS) vulnerability found in cookieauth.dll.
Yes, CVE-2009-0237 can be exploited remotely by attackers leveraging the XSS vulnerability.