Log Manipulation Vulnerability in Microsoft ISA Server 2004
CVE-2006-7027

Currently unrated

Key Information:

Vendor: Microsoft
Status: Isa Server
Vendor: CVE Published:; 23 February 2007

What is CVE-2006-7027?

The Microsoft Internet Security and Acceleration (ISA) Server 2004 is susceptible to log manipulation due to the way it logs certain ASCII characters in the Host header, including tabs. This vulnerability enables remote attackers to exploit log files, potentially leading to further attacks and compromising the integrity of the log data. Attackers can manipulate log entries, which may mask their activities or cause confusion in analyzing security events.

References

http://www.securityfocus.com/archive/1/433074/30/5190/thr...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/432947/30/5190/thr...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/433350/30/5100/thr...

mailing-listx_refsource_BUGTRAQ

EPSS Score

38% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 23, 2007
Vulnerability Reserved
Feb 22, 2007