Vulnerability CVE-2004-0892


Published: 2005-01-27   Modified: 2012-02-12

Description:
Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Microsoft -> Isa server 
Microsoft -> Proxy server 
Microsoft -> Windows 2003 server 

 References:
http://www.securityfocus.com/bid/11605
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-039
https://exchange.xforce.ibmcloud.com/vulnerabilities/17906
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4264
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4859

Copyright 2021, cxsecurity.com

 

Back to Top