Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft ISA SOCKSv4 information leak
Published:22.09.2007
Source:
SecurityVulns ID:8177
Type:remote
Threat Level:
5/10
Description:Server replies with last IP address it proxied to on empty packet.
Affected:MICROSOFT : ISA Server 2004
CVE:CVE-2007-4991 (The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.)
Original documentdocumentZDI, ZDI-07-053: Microsoft ISA Server SOCKS4 Proxy Connection Leakage (22.09.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod