Vulnerability CVE-2007-4991


Published: 2007-09-21   Modified: 2012-02-12

Description:
The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.

Type:

CWE-200

(Information Exposure)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Microsoft -> Isa server 

 References:
http://www.zerodayinitiative.com/advisories/ZDI-07-053.html
http://www.securityfocus.com/bid/25753
http://osvdb.org/45906
http://xforce.iss.net/xforce/xfdb/36715
http://www.securitytracker.com/id?1018727

Copyright 2024, cxsecurity.com

 

Back to Top