CVE-2009-1135: CVE-2009-1135

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2009-1135

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Microsoft ISA Server绕过Radius OTP认证漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

ISA Server是微软产品家族之一，可以提供企业防火墙和高性能的Web缓存。如果对ISA Server 2006配置了使用RADIUS OTP的基于表单认证(FBA)，则当该服务器从用户代理接收到请求要求回退到HTTP-Basic认证时，ISA就无法正确地认证该请求。如果配置了KCD，ISA会继续对已发布的服务器使用KCD进行认证。对于知道管理员账号用户名的攻击者，成功利用这个漏洞可以完全控制依赖ISA Server 2006 Web发布规则进行认证的系统。攻击者随后可安装程序；查看、更改或删除数

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2009-1135

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2009-1135

Please Login to view more intelligence information

http://secunia.com/advisories/35784third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1022547vdb-entryx_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-031vendor-advisoryx_refsource_MS
http://www.us-cert.gov/cas/techalerts/TA09-195A.htmlthird-party-advisoryx_refsource_CERT
http://www.vupen.com/english/advisories/2009/1889vdb-entryx_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5649vdb-entrysignaturex_refsource_OVAL
https://nvd.nist.gov/vuln/detail/CVE-2009-1135

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2009-1135

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2009-1135

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2009-1135

III. Intelligence Information for CVE-2009-1135

IV. Related Vulnerabilities

V. Comments for CVE-2009-1135

Leave a comment