Lucene search

MitreCVE-2006-7027

HistoryFeb 23, 2007 - 3:28 a.m.

CVE-2006-7027

2007-02-2303:28:00

mitre

web.nvd.nist.gov

isa server 2004

vulnerability

remote attackers

log files

manipulation

security advisory

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.887

Percentile

98.7%

JSON

Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.

Affected configurations

Nvd

Node

microsoftisa_serverMatch2004

VendorProductVersionCPE
microsoftisa_server2004cpe:2.3:a:microsoft:isa_server:2004:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	isa_server	2004	cpe:2.3:a:microsoft:isa_server:2004:::::::*

References

www.securityfocus.com/archive/1/432947/30/5190/threaded

www.securityfocus.com/archive/1/433074/30/5190/threaded

www.securityfocus.com/archive/1/433141/30/5160/threaded

www.securityfocus.com/archive/1/433350/30/5100/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/26233

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.887

Percentile

98.7%

JSON

Related for CVE-2006-7027