HTTP: ISA Server Cross Site Scripting
This signature detects attempts to exploit a known vulnerability against Microsoft ISA server authentication mechanism. A successful attack can lead to cross-site scripting against the client browser connecting to the ISA server. This could lead to credential stealing.
Extended Description
Microsoft ISA (Internet Security and Acceleration) Server and Forefront Threat Management Gateway (TMG) are prone to a cross-site scripting vulnerability because the software fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks.
Affected Products
Microsoft forefront_threat_management_gateway
Short Name
HTTP:XSS:ISA-AUTH-XSS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2009-0237 Cross ISA Scripting Server Site
Release Date
04/14/2009
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Microsoft
CVSS Score
4.3