Skip navigation
Menu
End-User Platforms>Windows 7/8

Denial of Service Condition in Microsoft ISA Server

Reported April 16, 2001, by Microsoft.

VERSION AFFECTED

·         Microsoft Internet Security and Acceleration (ISA) Server 2000

 

DESCRIPTION

When using Web publishing to bridge HTTP traffic to a Web server, a malicious attacker can use an invalid Web request containing a certain malformed argument to cause an access violation in the Web proxy service, denying service for legitimate traffic. Microsoft disables this service by default.

 

VENDOR RESPONSE

 

Microsoft has issued security bulletin MS01-021 to address this vulnerability and has also issued a hotfix that enables ISA’s Web proxy service to correctly treat this request as invalid.

 

CREDIT

Discovered by Dr. Richard Reiner, Graham Wiseman, Matthew Siemens, and Kent Nicolson of SecureXpert Labs, a division of FSC Internet Corporation.

TAGS: Security
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
PowerShell screenshot shows Where-Object cmdlet
How to Use the PowerShell Where-Object Cmdlet
Aug 04, 2022
shield_icon_laptop.jpg
What To Do When Windows Defender Is Not Working
Mar 15, 2022
Computer Screen Showing Password Dialog Box
Microsoft Edge Downloads Updated for Azure AD Sign-In & Sync
Aug 22, 2019
mktg-wp-nolabel5
How to Approach the Windows 7 to 10 Migration
Aug 01, 2019