Remote Packet Filtering Issues in Microsoft ISA Server 2004
CVE-2006-1651

Currently unrated

Key Information:

Vendor: Microsoft
Status: Isa Server
Vendor: CVE Published:; 6 April 2006

Summary

Microsoft ISA Server 2004 is susceptible to a potential filtering bypass that allows remote attackers to evade specific filtering rules designed to monitor and control network traffic. This vulnerability occurs primarily due to the server's inability to correctly process IPv6 packets, leading to possible circumventions of established filtering protocols, particularly for ICMP and TCP traffic. However, it is essential to note that concerns have been raised regarding the server's support for IPv6 filtering. The issue emphasizes the importance of ensuring robust network configurations and thorough assessments of firewall capabilities to maintain security integrity.

References

http://www.securityfocus.com/archive/1/429816/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/429846/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/430281/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

18% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 6, 2006
Vulnerability Reserved
Apr 6, 2006