PT-2007-1306 · Microsoft · Internet Security/Acceleration (ISA) Server 2004
Published: 2007-02-23 · Updated: 2018-10-16 · CVE-2006-7027
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Microsoft Internet Security and Acceleration (ISA) Server 2004
Description
The issue allows remote attackers to manipulate portions of the log file by including unusual ASCII characters, such as the tab, in the Host header. This could potentially be leveraged for other attacks.
Recommendations
For Microsoft Internet Security and Acceleration (ISA) Server 2004, consider restricting or sanitizing the input allowed in the Host header to prevent the inclusion of unusual ASCII characters, such as the tab, until a more comprehensive fix is available.
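The recommendation above, sketched as an added example that is not part of the advisory or any Microsoft code: a strict Host header check for a front-end filter, plus per-field escaping so a log record keeps a fixed number of fields. The tab-delimited, four-field log layout, all function names and the sample value are assumptions made for illustration.

```python
import re

# Host = uri-host [ ":" port ] (RFC 9110). Only hostname labels, dotted IPv4,
# or a bracketed IPv6 literal are accepted; anything else is rejected.
_HOST_RE = re.compile(
    r"(?:\[[0-9A-Fa-f:.]{2,45}\]"                         # bracketed IPv6 literal
    r"|[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?)"  # hostname or IPv4
    r"(?::[0-9]{1,5})?"                                   # optional port
)

def host_is_acceptable(raw):
    """True only for a plain host[:port]; fullmatch() leaves no room for a
    tab, CR, LF or any other character outside the grammar."""
    return _HOST_RE.fullmatch(raw) is not None

def log_escape(value):
    """Make a value safe for one field of a tab-delimited log line:
    backslash, control characters, DEL and non-ASCII are written escaped."""
    out = []
    for ch in value:
        if ch == "\\":
            out.append("\\\\")
        elif ch < " " or ch == "\x7f" or ch > "~":
            out.append(("\\x%02x" if ord(ch) < 256 else "\\u%04x") % ord(ch))
        else:
            out.append(ch)
    return "".join(out)

def log_line(client_ip, method, host, status):
    """Build one record; every field is escaped, so the record always has
    exactly four fields whatever the client sent."""
    fields = [client_ip, method, host, str(status)]
    return "\t".join(log_escape(f) for f in fields)

def handle(client_ip, method, host):
    """Answer 400 for an out-of-grammar Host value and still log the attempt."""
    status = 200 if host_is_acceptable(host) else 400
    return status, log_line(client_ip, method, host, status)

# Constructed sample: a Host value carrying tabs that would add log fields.
FORGED = "intranet.example\t10.0.0.5\tGET"
```

Validation and escaping are independent controls: the first rejects the request, the second keeps the log parseable even for values that reach the log writer by another path.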
Fix
Related Identifiers
Affected Products
Internet Security/Acceleration (ISA) Server 2004