Lucene search

[email protected]CVE-2009-1135

HistoryJul 15, 2009 - 3:30 p.m.

CVE-2009-1135

2009-07-1515:30:01

CWE-264

[email protected]

web.nvd.nist.gov

cve-2009-1135

microsoft

isa server

radius otp

bypass vulnerability

security advisory

nvd

7.1 High

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.017 Low

EPSS

Percentile

87.9%

JSON

Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka “Radius OTP Bypass Vulnerability.”

Affected configurations

NVD

Node

microsoftisa_serverMatch2006

microsoftisa_serverMatch2006sp1

microsoftisa_serverMatch2006supportability

CPENameOperatorVersion
microsoft:isa_servermicrosoft isa servereq2006

CPE	Name	Operator	Version
microsoft:isa_server	microsoft isa server	eq	2006

References

secunia.com/advisories/35784

www.securitytracker.com/id?1022547

www.us-cert.gov/cas/techalerts/TA09-195A.html

www.vupen.com/english/advisories/2009/1889

docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-031

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5649

Social References

7.1 High

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.017 Low

EPSS

Percentile

87.9%

JSON

Related for CVE-2009-1135

securityvulns2 seebug1 nessus1 cvelist1 openvas2 nvd1 prion1 checkpoint_advisories1