Denial of Service Vulnerability in Microsoft ISA Server 2000
CVE-2001-1533

5.3MEDIUM

Key Information:

Vendor

Microsoft
Status
Isa Server
Vendor
CVE Published:
31 December 2001

What is CVE-2001-1533?

Microsoft Internet Security and Acceleration (ISA) Server 2000 is susceptible to a denial of service (DoS) vulnerability that can be triggered by remote attackers utilizing a flood of fragmented UDP packets. While the vendor claims the issue demands high bandwidth for successful exploitation, and asserts that it does not lead to server instability, the theoretical risk of performance degradation remains a concern for network administrators. Organizations using this product should be aware of the potential implications and consider implementing appropriate network defenses.

References

http://www.securityfocus.com/bid/3501
vdb-entryx_refsource_BID
http://www.iss.net/security_center/static/7446.php
vdb-entryx_refsource_XF
http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg0...
mailing-listx_refsource_BUGTRAQ

EPSS Score

26% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.