PT-2006-4519 · Microsoft · Internet Security/Acceleration (Isa) Server 2004

Publicado

2006-07-17

Atualizado

2018-10-18

CVE-2006-3652

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Microsoft Internet Security and Acceleration (ISA) Server 2004

Description The issue allows remote attackers to bypass file extension filters by sending a request with a trailing "#" character. As of 20060715, this could not be reproduced by third parties.

Recommendations For Microsoft Internet Security and Acceleration (ISA) Server 2004, consider implementing additional validation on file extensions to prevent bypassing of filters. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-3652

Produtos afetados

Internet Security/Acceleration (Isa) Server 2004

PT-2006-4519 · Microsoft · Internet Security/Acceleration (Isa) Server 2004

CVE-2006-3652

Identificadores relacionados

Produtos afetados

Referências · 8