Microsoft ISA Server和Forefront TMG跨站脚本漏洞（MS09-016）

BUGTRAQ ID: 34416 CVECAN ID: CVE-2009-0237 Microsoft ISA Server和Forefront TMG都是微软产品家族中的安全组件，可提供防火墙、安全网关等功能。 ISA Server或Forefront TMG中的HTML表单认证组件cookieauth.dll没有正确地对HTTP流执行输入验证，允许恶意脚本代码扮演为运行cookieauth.dll的服务器在其他用户的设备上运行，导致跨站脚本攻击。 Microsoft ISA Server 2006可支持性升级 Microsoft ISA Server 2006 SP1...

Cross site scripting

Cross-site scripting XSS vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition TMG MBE; and Internet Security and Acceleration ISA Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote...

CVE-2009-0237

Cross-site scripting XSS vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition TMG MBE; and Internet Security and Acceleration ISA Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote...

CVE-2009-0237

CVE-2009-0237 is a non-persistent cross-site scripting (XSS) vulnerability in the HTML forms authentication component cookieauth.dll used by ISA Server and Forefront TMG MBE and affected 2006/2006 SP1, as described in the MS09-016 bulletin. The root cause is improper input validation of HTTP form...

Microsoft Outlook Web Access for Exchange Server 2003 - redir.asp Open Redirection

Microsoft Outlook Web Access for Exchange Server 2003 - redir.asp Open Redirection source: https://www.securityfocus.com/bid/31765/info Outlook Web Access is prone to a remote URI-redirection vulnerability because the application fails to properly sanitize user-supplied input. A successful exploi...