Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.0
CVE Id: CVE-2009-1135
Last Modified: 21 Aug 2010 01:31:31
Published: 15 Jul 2009 11:30:01
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2009-1135

Summary

Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."

Vulnerable Systems

Application

  • Microsoft ISA Server 2006


References

CERT - TA09-195A

MS - MS09-031

VUPEN - ADV-2009-1889

SECTRACK - 1022547

SECUNIA - 35784


Last Updated: 27 May 2016 10:50:28