Lucene search

[email protected]CVE-2006-3652

HistoryJul 18, 2006 - 3:47 p.m.

CVE-2006-3652

2006-07-1815:47:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

microsoft

isa server

file extension filters

security

cve-2006-3652

nvd

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.305 Low

EPSS

Percentile

97.0%

JSON

Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing “#” character. NOTE: as of 20060715, this could not be reproduced by third parties.

CPENameOperatorVersion
microsoft:isa_servermicrosoft isa servereq2004

CPE	Name	Operator	Version
microsoft:isa_server	microsoft isa server	eq	2004

References

securitytracker.com/id?1016506

www.securityfocus.com/archive/1/440105/100/0/threaded

www.securityfocus.com/archive/1/440247/100/0/threaded

www.securityfocus.com/archive/1/440299/100/0/threaded

www.securityfocus.com/archive/1/440446/100/0/threaded

www.securityfocus.com/archive/1/440558/100/0/threaded

www.securityfocus.com/bid/18994

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.305 Low

EPSS

Percentile

97.0%

JSON

Related for CVE-2006-3652

cvelist1