9

CVE-2009-1135

Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftIsa Server Version2006
MicrosoftIsa Server Version2006 Updatesp1
MicrosoftIsa Server Version2006 Updatesupportability
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 26.45% 0.977
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.us-cert.gov/cas/techalerts/TA09-195A.html
US Government Resource
http://secunia.com/advisories/35784
http://www.securitytracker.com/id?1022547
http://www.vupen.com/english/advisories/2009/1889
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-031
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5649