Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Windows : Microsoft Bulletins >> ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258)

Vulnerability Assessment Details

ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258)

Vulnerability Assessment Summary
Checks for hotfix Q888258

Detailed Explanation for this Vulnerability Assessment

Summary :

It is possible to spoof the content of the remote proxy server.

Description :

The remote host is running ISA Server 2000, an HTTP proxy. The
remote version of this software is vulnerable to content spoofing
attacks.
A possible hacker may lure a victim to visit a malicious web site and
the user could believe is visiting a trusted web site.

Solution :

Microsoft has released a set of patches for ISA Server 2000 :

http://www.microsoft.com/technet/security/bulletin/ms04-039.mspx

Network Security Threat Level:

Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:NR/C:N/A:N/I:P/B:I)

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 Tenable Network Security

Cables, Connectors