Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0237


Vulnerability Score 4.3 4.3
CVE Id CVE-2009-0237
Last Modified 21 Aug 2010 01:29:59
Published 15 Apr 2009 04:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via "authentication input" to this component, aka "Cross-Site Scripting Vulnerability."

Vulnerable Systems


  • Microsoft Forefront Threat Management Gateway -

  • Microsoft Internet Security And Acceleration Server 2004

  • Microsoft Internet Security And Acceleration Server 2006


CERT - TA09-104A

MS - MS09-016

VUPEN - ADV-2009-1030

SECTRACK - 1022046

SECUNIA - 34687

OSVDB - 53637

Last Updated: 27 May 2016 10:50:10