PT-2006-4519 · Microsoft · Internet Security/Acceleration (Isa) Server 2004

Published

2006-07-17

Updated

2018-10-18

CVE-2006-3652

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Microsoft Internet Security and Acceleration (ISA) Server 2004

Description The issue allows remote attackers to bypass file extension filters by sending a request with a trailing "#" character. As of 20060715, this could not be reproduced by third parties.

Recommendations For Microsoft Internet Security and Acceleration (ISA) Server 2004, consider implementing additional validation on file extensions to prevent bypassing of filters. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-3652

Affected Products

Internet Security/Acceleration (Isa) Server 2004

PT-2006-4519 · Microsoft · Internet Security/Acceleration (Isa) Server 2004

CVE-2006-3652

Related Identifiers

Affected Products

References · 8