{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Microsoft Internet Security and Acceleration Server 2006 Support Update ;","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Internet Security and Acceleration Server 2006 Service Pack 1.","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 3 ;","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Internet Security and Acceleration Server 2006 ;","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Forefront Management Gateway, Medium Business Edition ;","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 3 ;","product":{"name":"N/A","vendor":{"name":"Microsoft","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nDeux vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans Microsoft ISA Server et\nMicrosoft Forefront Management Gateway :\n\n-   la premi\u00e8re est relative \u00e0 une erreur dans la gestion des \u00e9tats TCP\n    par le pare-feu pour les services Web proxy et Web publishing. Elle\n    permet \u00e0 un utilisateur distant de provoquer un d\u00e9ni de service\n    (CVE-2009-0077) ;\n-   la seconde concerne une erreur dans les formulaires HTML\n    d'authentification de ISA Server et Forefront TMG. Elle permet \u00e0 un\n    utilisateur distant de r\u00e9aliser des attaques de type injection de\n    code indirecte (Cross-site Scripting) (CVE-2009-0237).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2009-0077","url":"https://www.cve.org/CVERecord?id=CVE-2009-0077"},{"name":"CVE-2009-0237","url":"https://www.cve.org/CVERecord?id=CVE-2009-0237"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Microsoft M09-016 du 14 avril 2009 :","url":"http://www.microsoft.com/technet/security/Bulletin/M09-016.mspx"},{"title":"Bulletin de s\u00e9curit\u00e9 Microsoft M09-016 du 14 avril 2009 :","url":"http://www.microsoft.com/france/technet/security/Bulletin/M09-016.mspx"}],"reference":"CERTA-2009-AVI-146","revisions":[{"description":"version initiale.","revision_date":"2009-04-15T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance"}],"summary":"Plusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans Microsoft ISA Server et\nMicrosoft Forefront Management Gateway permettent \u00e0 un utilisateur\ndistant de provoquer un d\u00e9ni de service ou de r\u00e9aliser des attaques de\ntype injection de code indirecte (<span class=\"textit\">Cross-site\nScripting</span>).\n","title":"Vuln\u00e9rabilit\u00e9 dans Microsoft ISA Server","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Microsoft MS09-016 du 14 avril 2009","url":null}]}