also @ TechSpot: Congress pressures Google on Glass privacy concerns

Flaw in ISA Server Could Allow CSS Attack

By Thomas McGuire

On July 16, 2003, 3:12 PM

Affected Software:
Microsoft Internet Security & Acceleration (ISA) Server 2000

ISA Server contains a number of HTML-based error pages that allow the server to respond to a client requesting a Web resource with a customized error. A cross-site scripting vulnerability exists in many of these error pages that are returned by ISA Server under specific error conditions.

To exploit this flaw, an attacker would have to first be aware of a specific ISA server & its access policies or host an ISA server of their own & create specific access policies designed to exploit this vulnerability. The attacker could then craft a request to trigger a page refusal. Once the attack was crafted, the attacker would have to host a Web site containing the link, or send the link to the user in the form of an HTML e-mail. After the user previewed or opened the e-mail, the malicious site could be visited automatically without further user interaction. In the Web-based attack scenario, an attacker would have no way to force a user to visit the Web site.

Patch availability
Download locations for this patch

No tags on this story

3 comments

User Comments: 3

Got something to say? Post a comment
  1. July 16, 2003 3:51 PM
    ---agissi--- said:
    Thats absolutly insane. How would anyone even know to do whose exact actions in the first place? Gosh..
    Reply
  2. July 16, 2003 3:55 PM
    Phantasm66 said:
    Oh Heavens to Betzy! [i]ANOTHER[/i] security glitch found in an Enterprise level service from Microsoft.....
    Reply
  3. July 17, 2003 10:53 AM
    ---agissi--- said:
    [quote][b]Oh Heavens to Betzy! ANOTHER security glitch found in an Enterprise level service from Microsoft.....[/b][/quote]Yeah they do make alot of glitches dont they :blackeye:
    Reply

Recently commented stories

Post a new comment

Social Login & Guest Posting TechSpot Members
Login here or sign up for free,
it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.
TechSpot on:

Most Popular

Trending Featured
More Trending Topics

Featured on Keyboards

Downloads and Drivers

Downloads   Drivers  

J. River Media Center 18.0.187

ComicRack 0.9.169

Ashampoo UnInstaller 5.03

Files Terminator Free 2.5.0.11

Advanced Host Monitor 9.50

More Downloads

Latest Discussion

Steam trading zone 113 replies on Gaming

Vertex shader 1.1 and Pixel Shader 1.1 28 replies on Audio and Video

AMD Radeon HD 6550D Driver Issue 5 replies on Device Drivers

Toshiba L745 says plugged in charging but battery continues to drain 7 replies on Mobile Computing

How did my Windows key become disabled? 6 replies on Other Hardware

More Recent Discussion

Subscribe to TechSpot

Get free exclusive content, learn about new features and breaking tech news.