Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3652

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3652
Last Modified 05 Sep 2008 05:07:42
Published 18 Jul 2006 11:47:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3652

Summary

Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties.

Vulnerable Systems

Application

  • Microsoft Isa Server 2004


References

BID - 18994

BUGTRAQ - 20060715 Re: Bybass HTTP ( extension files ) in ISA 2004

BUGTRAQ - 20060715 Bybass HTTP ( extension files ) in ISA 2004

BUGTRAQ - 20060719 Re: Bybass HTTP ( extension files ) in ISA 2004

BUGTRAQ - 20060716 Re: Bybass HTTP ( extension files ) in ISA 2004

BUGTRAQ - 20060717 RE: Bybass HTTP ( extension files ) in ISA 2004

SECTRACK - 1016506


Last Updated: 27 May 2016 10:43:05