PT-2007-1306 · Microsoft · Internet Security/Acceleration (Isa) Server 2004

Publicado

2007-02-23

Atualizado

2018-10-16

CVE-2006-7027

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Internet Security and Acceleration (ISA) Server 2004

Description The issue allows remote attackers to manipulate portions of the log file by including unusual ASCII characters, such as the tab, in the Host header. This could potentially be leveraged for other attacks.

Recommendations For Microsoft Internet Security and Acceleration (ISA) Server 2004, consider restricting or sanitizing the input allowed in the Host header to prevent the inclusion of unusual ASCII characters, such as the tab, until a more comprehensive fix is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-7027

Produtos afetados

Internet Security/Acceleration (Isa) Server 2004

PT-2007-1306 · Microsoft · Internet Security/Acceleration (Isa) Server 2004

CVE-2006-7027

Identificadores relacionados

Produtos afetados

Referências · 6