VAR-200104-0018
Vulnerability from variot - Updated: 2022-05-04 08:51
When the length of a certain type of Web request exceeds a certain value, the Web Proxy Service (W3PROXY.EXE) of Microsoft ISA Server cannot handle it properly: a heap overflow occurs, and the service generates an illegal access and crashes. This blocks all incoming and outgoing web proxy requests until the service is restarted. The vulnerability can only be exploited from the Internet when the "Web Publishing" feature is turned on, and this feature is disabled by default. An attacker would also be unable to exploit this vulnerability to access protected resources through a firewall. Other services in ISA Server are not affected.
Source: Richard Reiner, Graham Wiseman, Matthew Siemens, Kent Nicolson (http://www.securexpert.com)
MS01-021: http://www.microsoft.com/technet/security/bulletin/MS01-021.asp
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200104-0018",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2001-0929"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "When the length of a certain type of Web request exceeds a certain value, the Web Proxy Service (W3PROXY.EXE) of Microsoft ISA Server cannot properly handle it, a heap overflow occurs, and the service will generate an illegal access and crash. This will block all incoming and outgoing web proxy requests until the service is restarted. This vulnerability can only be exploited from the Internet when the \"Web Publishing\" feature is turned on, and this feature is disabled by default. An attacker would also be unable to exploit this vulnerability to access protected resources through a firewall. Other services in ISA Server are not affected. \u0026 lt; * Source: Richard Reiner, Graham Wiseman, Matthew Siemens, Kent Nicolson \u0026 lt; a href = \u0027http: //www.securexpert.com\u0027\u003e http: //www.securexpert.com\u0026lt; / a\u003e MS01-021: \u0026 lt; a href = \u0027http: //www.microsoft.com/technet/security/bulletin/MS01-021.asp\u0027\u003e http://www.microsoft.com/technet/security/bulletin/MS01-021.asp\u0026lt ; / a\u003e *\u003e",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2001-0929"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2001-0929",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2001-0929"
}
]
},
"id": "VAR-200104-0018",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2001-0929"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2001-0929"
}
]
},
"last_update_date": "2022-05-04T08:51:35.094000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2001-0929"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2001-0929"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2001-0929"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft ISA Server Proxy Service Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2001-0929"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.