Reported June 14, 2005 by Microsoft
Microsoft Internet Security and
Acceleration (ISA) Server 2000 Service Pack 2 including
Microsoft Internet Security and Acceleration (ISA) Server 2000 Service Pack 2 (SP2) contains two vulnerabilities. ISA Server doesn't properly process malformed HTTP requests, which could allow an intruder to poison the cache, bypass content restrictions, access unauthorized content, or redirect other ISA Server users to various content.
Also, the process used by ISA Server to validate NetBIOS contains a vulnerability that could allow an intruder to gain access with elevated privileges and to connect to services using the NetBIOS protocol.
Microsoft released a security bulletin, Cumulative Security Update for ISA Server 2000 (899753), and an associated patch to correct these problems.
Steve Orrin of
Watchfire reported the HTTP request processing vulnerability
Han Valk reported the NetBIOS vulnerability