Intrusion Prevention

HTTP.Multiple.Content-Length.Request.Smuggling

Description

This indicates an attempt to exploit a Cache Poisoning vulnerability in Microsoft ISA (Internet Security and Acceleration) Server.
The vulnerability is caused by the application's failure to properly sanitize user HTTP requests. An attacker can send a specially crafted request containing multiple "Content-Length" headers to poison the cache of the ISA server. As a result, the attacker can bypass content restrictions or cause user requests to be redirected.
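
The condition this signature keys on, a request carrying more than one Content-Length value, can be checked as in the following added example (not the vendor's signature logic). The function names, verdict labels and sample requests are assumptions constructed for illustration.

```python
import re

# Case-insensitive header name; whitespace before the colon is tolerated
# because lenient HTTP parsers accept it.
_CL = re.compile(rb"^content-length[ \t]*:(.*)$", re.IGNORECASE)

def content_length_values(raw_request: bytes) -> list:
    """Return every Content-Length value in the header block, in order."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]   # ignore the body
    values = []
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        m = _CL.match(line)
        if m:
            # One header line may also carry a comma-separated list.
            values.extend(v.strip() for v in m.group(1).split(b","))
    return values

def classify(raw_request: bytes) -> str:
    """Verdict: ok, invalid, duplicate-identical or conflicting."""
    values = content_length_values(raw_request)
    if not values:
        return "ok"
    if not all(v.isdigit() for v in values):
        return "invalid"
    if len(values) == 1:
        return "ok"
    # Two parsers that pick different values disagree on where the
    # request ends, which is what makes cache poisoning possible.
    return "duplicate-identical" if len(set(values)) == 1 else "conflicting"

# Constructed sample requests (host and path are placeholders).
SINGLE = (b"POST /form HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Length: 5\r\n\r\nhello")
CONFLICT = (b"POST /form HTTP/1.1\r\nHost: example.test\r\n"
            b"Content-Length: 0\r\ncontent-length : 44\r\n\r\n" + b"A" * 44)
SAME = (b"POST /form HTTP/1.1\r\nHost: example.test\r\n"
        b"Content-Length: 5, 5\r\n\r\nhello")
NO_BODY = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for name, req in [("single", SINGLE), ("conflict", CONFLICT),
                      ("same", SAME), ("no-body", NO_BODY)]:
        print(name, classify(req), content_length_values(req))
```

A proxy or log pipeline would reject or alert on "conflicting" and "invalid", and treat "duplicate-identical" as suspicious.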

Affected Products

Microsoft ISA Server 2000 Enterprise Edition SP2
Microsoft ISA Server 2000 Enterprise Edition SP1
Microsoft ISA Server 2000 Enterprise Edition
Microsoft ISA Server 2000 SP2
Microsoft ISA Server 2000 SP1
Microsoft ISA Server 2000

Impact

System Compromise: Provides unauthorized access, bypassing security.

Recommended Actions

Apply the security patch to the system, as given in Microsoft Security Bulletin MS05-034.

CVE References

CVE-2005-0174 CVE-2005-1215