Remote file bypass vulnerability in Microsoft Internet Security and Acceleration Server 2004
CVE-2006-3652
Currently unrated
Summary
Microsoft Internet Security and Acceleration (ISA) Server 2004 contains a vulnerability that lets remote attackers bypass file extension filters. An attacker sends a specially crafted request that includes a trailing '#' character, potentially gaining access to files that these filters should restrict. Third-party attempts to reproduce the issue have not yielded consistent confirmation or test cases, raising concerns about the effectiveness of the filter implementation.
EPSS Score
19% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved