| ID |
CVE-2004-0892
|
| Summary |
Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:microsoft:isa_server:2000:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:isa_server:2000:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:isa_server:2000:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:isa_server:2000:sp1:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:isa_server:2000:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:isa_server:2000:sp2:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:proxy_server:2.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:proxy_server:2.0:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:proxy_server:2.0:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:proxy_server:2.0:sp1:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2003_server:2000:*:small_business_server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:2000:*:small_business_server:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows_2003_server:2003:*:small_business_server:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:2003:*:small_business_server:*:*:*:*:*
|
| CVSS |
| Base: | 7.5 (as of 12-10-2018 - 21:35) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| oval
via4
|
| accepted | 2011-04-25T04:00:19.862-04:00 | | class | vulnerability | | contributors | | name | Christine Walzer | | organization | The MITRE Corporation |
| name | John Hoyland | | organization | Centennial Software |
| name | Akihito Nakamura | | organization | AIST |
| | description | Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results. | | family | windows | | id | oval:org.mitre.oval:def:4264 | | status | accepted | | submitted | 2004-11-17T12:00:00.000-04:00 | | title | ISA Server Reverse DNS Lookup Results Spoofing | | version | 6 |
| accepted | 2007-11-13T12:01:17.241-05:00 | | class | vulnerability | | contributors | | name | Christine Walzer | | organization | The MITRE Corporation |
| name | Christine Walzer | | organization | The MITRE Corporation |
| name | Ingrid Skoog | | organization | The MITRE Corporation |
| name | Jeff Cheng | | organization | Opsware, Inc. |
| | description | Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results. | | family | windows | | id | oval:org.mitre.oval:def:4859 | | status | accepted | | submitted | 2004-11-17T12:00:00.000-04:00 | | title | Proxy Server Reverse DNS Lookup Results Spoofing | | version | 26 |
|
| refmap
via4
|
| bid | 11605 | | xf | isa-cache-reverse-spoof(17906) |
|
| Last major update |
12-10-2018 - 21:35 |
| Published |
27-01-2005 - 05:00 |
| Last modified |
12-10-2018 - 21:35 |
