Intrusion Prevention

MS.ISA.ContentLength.HTTP.Request.Smuggling

Description

This indicates an attempt to exploit a cache poisoning vulnerability in Microsoft ISA (Internet Security and Acceleration) Server.
The application fails to properly sanitize user HTTP requests. An attacker can send a specially crafted request containing multiple Content-Length headers to poison the cache of the ISA server. As a result, the attacker can bypass content restrictions or cause user requests to be redirected.
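
A defensive check for the condition described above, as an added example that is not part of the original advisory and is not the signature's own logic: it parses the header block of a raw HTTP request and flags multiple or conflicting Content-Length headers. The function name, verdict labels and sample requests are assumptions constructed for illustration.

```python
import re

# Header names are case-insensitive. Whitespace before the colon is tolerated
# here on purpose: lenient parsers disagree on exactly such lines.
_CL = re.compile(rb"^content-length[ \t]*:[ \t]*(.*?)[ \t]*$", re.IGNORECASE)


def check_content_length(raw: bytes) -> dict:
    """Classify the Content-Length headers of one raw HTTP request.

    Verdicts (labels are this example's own):
      ok        - zero or one well-formed Content-Length value
      duplicate - several values, all numerically equal
      conflict  - several values that differ
      malformed - a value that is not a plain decimal integer
    """
    head = raw.split(b"\r\n\r\n", 1)[0]
    values = []
    for line in head.split(b"\r\n")[1:]:  # [1:] skips the request line
        m = _CL.match(line)
        if m:
            # One header line may carry a comma-separated list of values.
            values.extend(v.strip() for v in m.group(1).split(b","))
    if any(not v.isdigit() for v in values):
        verdict = "malformed"
    elif len(values) <= 1:
        verdict = "ok"
    elif len({int(v) for v in values}) == 1:
        verdict = "duplicate"
    else:
        verdict = "conflict"
    return {"values": [v.decode("latin-1") for v in values], "verdict": verdict}


# Constructed sample requests (not captured traffic).
SINGLE = b"POST /a HTTP/1.1\r\nHost: example.test\r\nContent-Length: 4\r\n\r\nabcd"
CONFLICT = (b"POST /a HTTP/1.1\r\nHost: example.test\r\n"
            b"Content-Length: 0\r\ncontent-length : 44\r\n\r\n")

if __name__ == "__main__":
    for name, req in (("single", SINGLE), ("conflict", CONFLICT)):
        print(name, check_content_length(req))
```

A proxy or log pipeline would reject or alert on any verdict other than ok, since two devices that pick different Content-Length values disagree on where the request ends.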

Affected Products

Microsoft ISA Server 2000 Enterprise Edition SP2
Microsoft ISA Server 2000 Enterprise Edition SP1
Microsoft ISA Server 2000 Enterprise Edition
Microsoft ISA Server 2000 SP2
Microsoft ISA Server 2000 SP1
Microsoft ISA Server 2000

Impact

System compromise: provides unauthorized access, bypassing security.

Recommended Actions

Apply the security patch described in Microsoft Security Bulletin MS05-034.

CVE References

CVE-2005-1215
