MS.ISA.Server.Socks4.Proxy.Connection.Information.Disclosure
Description
Microsoft ISA Server has an information disclosure vulnerability that occurs when SOCKS4 handles empty packets.
An attacker could exploit this issue to obtain sensitive information that may aid in further attacks.
Affected Products
Microsoft ISA Server 2004 SP2
Microsoft ISA Server 2004 SP1
Impact
Information disclosure.
Recommended Actions
The vendor released an update to address this issue.
Microsoft ISA Server 2004 SP2:
Microsoft Microsoft Internet Security and Acceleration (ISA) Server 2004 Standard Edition SP3
http://www.microsoft.com/downloads/details.aspx?FamilyID=A05A074A-5033 -4792-AF8B-58B90D841436&displaylang=en
Microsoft ISA Server 2004 SP1:
Microsoft Microsoft Internet Security and Acceleration (ISA) Server 2004 Standard Edition SP3
http://www.microsoft.com/downloads/details.aspx?FamilyID=A05A074A-5033 -4792-AF8B-58B90D841436&displaylang=en
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |