HTTP.Multiple.Content-Length.Request.Smuggling
Description
This indicates an attempt to exploit a cache poisoning vulnerability in Microsoft ISA (Internet Security and Acceleration) Server.
The vulnerability is caused by the application's failure to properly sanitize user HTTP requests. An attacker can send a specially crafted request containing multiple Content-Length headers to poison the cache of the ISA server. As a result, the attacker can bypass content restrictions or cause user requests to be redirected.
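A defensive check for the condition described above, as an added example that is not part of the original advisory or the vendor's signature logic: it parses the header block of a raw HTTP request and flags repeated or conflicting Content-Length headers. The `check_content_length` helper, the `Verdict` type and the sample requests are constructed for illustration.

```python
# Added example (not vendor signature logic): flag requests with multiple Content-Length headers.
from typing import List, NamedTuple

class Verdict(NamedTuple):
    suspicious: bool
    values: List[str]
    reason: str

def check_content_length(raw: bytes) -> Verdict:
    """Inspect the header block of one raw HTTP request (hypothetical helper)."""
    # Accept CRLF or bare LF line endings; only the header block matters here.
    head = raw.replace(b"\r\n", b"\n").split(b"\n\n", 1)[0]
    values: List[str] = []
    for line in head.split(b"\n")[1:]:          # [1:] skips the request line
        if line[:1] in (b" ", b"\t"):           # folded continuation, not a new header
            continue
        name, sep, value = line.partition(b":")
        # Header names are case-insensitive; strip padding that lenient parsers tolerate.
        if sep and name.strip().lower() == b"content-length":
            # One header line can also carry a comma-separated list of lengths.
            values += [v.strip() for v in value.decode("latin-1").split(",")]
    if not values:
        return Verdict(False, values, "no Content-Length header")
    if any(not (v.isascii() and v.isdigit()) for v in values):
        return Verdict(True, values, "non-numeric Content-Length value")
    if len(values) == 1:
        return Verdict(False, values, "single Content-Length header")
    if len(set(int(v) for v in values)) > 1:
        return Verdict(True, values, "conflicting Content-Length values")
    return Verdict(True, values, "repeated Content-Length header")

# Constructed sample requests (example.test is a placeholder host).
NORMAL = (b"POST /form HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Length: 5\r\n\r\nhello")
CONFLICT = (b"POST /form HTTP/1.1\r\nHost: example.test\r\n"
            b"Content-Length: 0\r\ncontent-length : 44\r\n\r\n")
REPEATED = (b"POST /form HTTP/1.1\r\nHost: example.test\r\n"
            b"Content-Length: 5\r\nContent-Length: 5\r\n\r\nhello")
NO_BODY = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for label, req in [("normal", NORMAL), ("conflict", CONFLICT),
                       ("repeated", REPEATED), ("no body", NO_BODY)]:
        print(label, check_content_length(req))
```

A proxy or cache in front of an origin server is safest rejecting anything this check flags, since two parsers that pick different Content-Length values will disagree on where the request ends.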
Affected Products
Microsoft ISA Server 2000 Enterprise Edition SP2
Microsoft ISA Server 2000 Enterprise Edition SP1
Microsoft ISA Server 2000 Enterprise Edition
Microsoft ISA Server 2000 SP2
Microsoft ISA Server 2000 SP1
Microsoft ISA Server 2000
Impact
System Compromise: Provides unauthorized access, bypassing security.
Recommended Actions
Apply the security patch to the system, as described in Microsoft Security Bulletin MS05-034.
Coverage
IPS (Regular DB)
IPS (Extended DB)