ISA Server 2000
by Microsoft
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2001-1533 | Med | 0.36 | 5.3 | 0.18 | Dec 31, 2001 | Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience… | ||
| CVE-2001-0239 | 0.05 | — | 0.28 | Jul 2, 2001 | Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type. | |||
| CVE-2006-3652 | 0.02 | — | 0.19 | Jul 18, 2006 | Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties. | |||
| CVE-2005-1216 | 0.02 | — | 0.26 | Jun 14, 2005 | Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter. | |||
| CVE-2005-1215 | 0.02 | — | 0.19 | Jun 14, 2005 | Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers. | |||
| CVE-2006-1651 | 0.01 | — | 0.15 | Apr 6, 2006 | Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support… | |||
| CVE-2003-0011 | 0.01 | — | 0.13 | Mar 24, 2003 | Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not… | |||
| CVE-2001-0658 | 0.01 | — | 0.11 | Sep 20, 2001 | Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error… |
- risk 0.36cvss 5.3epss 0.18
Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience…
- CVE-2001-0239Jul 2, 2001risk 0.05cvss —epss 0.28
Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
- CVE-2006-3652Jul 18, 2006risk 0.02cvss —epss 0.19
Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties.
- CVE-2005-1216Jun 14, 2005risk 0.02cvss —epss 0.26
Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.
- CVE-2005-1215Jun 14, 2005risk 0.02cvss —epss 0.19
Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.
- CVE-2006-1651Apr 6, 2006risk 0.01cvss —epss 0.15
Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support…
- CVE-2003-0011Mar 24, 2003risk 0.01cvss —epss 0.13
Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not…
- CVE-2001-0658Sep 20, 2001risk 0.01cvss —epss 0.11
Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error…