PT-2009-3699 · Microsoft · Internet Security/Acceleration (ISA) Server

Published: 2009-07-15 · Updated: 2018-10-12 · CVE-2009-1135

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Internet Security and Acceleration (ISA) Server 2006 versions Gold and SP1

Description

The issue allows remote attackers to gain the privileges of an arbitrary account and access published web pages via vectors involving attempted access to a network resource behind the ISA Server when Radius OTP is enabled. This is due to the use of the HTTP-Basic authentication method.

Recommendations

For Microsoft Internet Security and Acceleration (ISA) Server 2006 versions Gold and SP1, to prevent exploitation, consider disabling the Radius OTP feature until a fix is available. Restrict access to published web pages to minimize the risk of unauthorized access.

Fix

Weakness Enumeration

Related Identifiers

CVE-2009-1135

Affected Products

Internet Security/Acceleration (ISA) Server