Vulnerability CVE-2006-7027


Published: 2007-02-22   Modified: 2012-02-12

Description:
Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Microsoft -> Isa server 

 References:
http://www.securityfocus.com/archive/1/432947/30/5190/threaded
http://www.securityfocus.com/archive/1/433074/30/5190/threaded
http://www.securityfocus.com/archive/1/433141/30/5160/threaded
http://www.securityfocus.com/archive/1/433350/30/5100/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/26233

Copyright 2021, cxsecurity.com

 

Back to Top