Vulnerabilities > CVE-2004-0892 - Unspecified vulnerability in Microsoft ISA Server, Proxy Server and Windows 2003 Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 | |
OS | 2 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS04-039.NASL |
description | The remote host is running ISA Server 2000, an HTTP proxy. The remote version of this software is vulnerable to content spoofing attacks. An attacker could lure a victim to visit a malicious website and the user could believe is visiting a trusted web site. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15714 |
published | 2004-11-13 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/15714 |
title | MS04-039: ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258) |
code |
|
Oval
accepted 2011-04-25T04:00:19.862-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name John Hoyland organization Centennial Software name Akihito Nakamura organization AIST
description Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results. family windows id oval:org.mitre.oval:def:4264 status accepted submitted 2004-11-17T12:00:00.000-04:00 title ISA Server Reverse DNS Lookup Results Spoofing version 6 accepted 2007-11-13T12:01:17.241-05:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Ingrid Skoog organization The MITRE Corporation name Jeff Cheng organization Opsware, Inc.
description Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results. family windows id oval:org.mitre.oval:def:4859 status accepted submitted 2004-11-17T12:00:00.000-04:00 title Proxy Server Reverse DNS Lookup Results Spoofing version 26
References
- http://www.securityfocus.com/bid/11605
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-039
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17906
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4264
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4859