ID
VAR-200104-0018
TITLE
Microsoft ISA Server Proxy Service Denial of Service Vulnerability
Trust: 0.6
DESCRIPTION
When the length of a certain type of Web request exceeds a certain value, the Web Proxy Service (W3PROXY.EXE) of Microsoft ISA Server cannot properly handle it, a heap overflow occurs, and the service will generate an illegal access and crash. This will block all incoming and outgoing web proxy requests until the service is restarted. This vulnerability can only be exploited from the Internet when the "Web Publishing" feature is turned on, and this feature is disabled by default. An attacker would also be unable to exploit this vulnerability to access protected resources through a firewall. Other services in ISA Server are not affected. & lt; * Source: Richard Reiner, Graham Wiseman, Matthew Siemens, Kent Nicolson & lt; a href = 'http: //www.securexpert.com'> http: //www.securexpert.com< / a> MS01-021: & lt; a href = 'http: //www.microsoft.com/technet/security/bulletin/MS01-021.asp'> http://www.microsoft.com/technet/security/bulletin/MS01-021.asp< ; / a> *>
Trust: 0.6
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | none | model: | - | scope: | - | version: | - | Trust: 0.6 |
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2001-0929 | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2001-0929 |
LAST UPDATE DATE
2022-05-04T08:51:35.094000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2001-0929 | date: | 2001-04-24T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2001-0929 | date: | 2001-04-24T00:00:00 |