ID CVE-2004-0892
Summary Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:isa_server:2000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:isa_server:2000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:isa_server:2000:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:isa_server:2000:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:isa_server:2000:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:isa_server:2000:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:proxy_server:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:proxy_server:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:proxy_server:2.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:proxy_server:2.0:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:2000:*:small_business_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:2000:*:small_business_server:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:2003:*:small_business_server:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:2003:*:small_business_server:*:*:*:*:*
CVSS
Base: 7.5 (as of 12-10-2018 - 21:35)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2011-04-25T04:00:19.862-04:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Akihito Nakamura
      organization AIST
    description Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
    family windows
    id oval:org.mitre.oval:def:4264
    status accepted
    submitted 2004-11-17T12:00:00.000-04:00
    title ISA Server Reverse DNS Lookup Results Spoofing
    version 6
  • accepted 2007-11-13T12:01:17.241-05:00
    class vulnerability
    contributors
    • name Christine Walzer
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name Ingrid Skoog
      organization The MITRE Corporation
    • name Jeff Cheng
      organization Opsware, Inc.
    description Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
    family windows
    id oval:org.mitre.oval:def:4859
    status accepted
    submitted 2004-11-17T12:00:00.000-04:00
    title Proxy Server Reverse DNS Lookup Results Spoofing
    version 25
refmap via4
bid 11605
ms MS04-039
xf isa-cache-reverse-spoof(17906)
Last major update 12-10-2018 - 21:35
Published 27-01-2005 - 05:00
Back to Top