Executive Summary
| Informations | |||
|---|---|---|---|
| Name | MS04-039 | First vendor Publication | N/A |
| Vendor | Microsoft | Last vendor Modification | N/A |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Vulnerability in ISA Server 2000 and Proxy Server 2.0 Could Allow Internet Content Spoofing (888258) |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-18 | Embedding Scripts in Nonscript Elements |
| CAPEC-63 | Simple Script Injection |
| CAPEC-73 | User-Controlled Filename |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:4264 | |||
| Oval ID: | oval:org.mitre.oval:def:4264 | ||
| Title: | ISA Server Reverse DNS Lookup Results Spoofing | ||
| Description: | Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2004-0892 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Security and Acceleration Server 2000 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:4859 | |||
| Oval ID: | oval:org.mitre.oval:def:4859 | ||
| Title: | Proxy Server Reverse DNS Lookup Results Spoofing | ||
| Description: | Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2004-0892 | Version: | 2 |
| Platform(s): | Microsoft Windows NT | Product(s): | Proxy Server 2.0 SP1 |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 | |
| Application | 2 | |
| Os | 2 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2005-11-03 | Name : ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258) File : nvt/smb_nt_ms04-039.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 11579 | Microsoft ISA Server / Proxy Server Internet Content
Spoofing |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft ISA Server DNS spoofing attempt RuleID : 15988 - Revision : 6 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2004-11-13 | Name : It is possible to spoof the content of the remote proxy server. File : smb_nt_ms04-039.nasl - Type : ACT_GATHER_INFO |
| 2003-04-13 | Name : It is possible to launch a denial of service attack against the remote proxy ... File : smb_nt_ms03-012.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:45:04 |
|
