Remote Code Execution Vulnerability in Microsoft ISA Server 2000
CVE-2005-1215

Currently unrated

Key Information:

Vendor: Microsoft
Status: Isa Server
Vendor: CVE Published:; 14 June 2005

Summary

Microsoft ISA Server 2000 is susceptible to remote attacks that leverage malformed HTTP request packets containing multiple Content-Length headers. This vulnerability can allow attackers to poison the ISA cache, potentially bypassing content restriction policies and leading to unauthorized access to sensitive information. Ensuring proper validation of HTTP headers is crucial for maintaining the integrity of web applications utilizing ISA Server 2000.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securityfocus.com/bid/13956

vdb-entryx_refsource_BID

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 14, 2005
Vulnerability Reserved
Apr 22, 2005