CVE-2004-0892

Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/11605	Patch Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-039
https://exchange.xforce.ibmcloud.com/vulnerabilities/17906
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4264
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4859

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:isa_server:2000:::::::*
	cpe:2.3:a:microsoft:isa_server:2000:sp1::::::
	cpe:2.3:a:microsoft:isa_server:2000:sp2::::::
	cpe:2.3:a:microsoft:proxy_server:2.0:::::::*
	cpe:2.3:a:microsoft:proxy_server:2.0:sp1::::::

Configuration 2 (hide)

OR	cpe:2.3:o:microsoft:windows_2003_server:2000::small_business_server:::::
	cpe:2.3:o:microsoft:windows_2003_server:2003::small_business_server:::::

History

No history.

Information

Published : 2005-01-27 05:00

Updated : 2024-02-04 16:52

NVD link : CVE-2004-0892

Mitre link : CVE-2004-0892

CVE.ORG link : CVE-2004-0892

JSON object : View

Products Affected

microsoft

isa_server
proxy_server
windows_2003_server

CWE

NVD-CWE-Other

{"id": "CVE-2004-0892", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2005-01-27T05:00:00.000", "references": [{"url": "http://www.securityfocus.com/bid/11605", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-039", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17906", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4264", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4859", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results."}], "lastModified": "2018-10-12T21:35:25.077", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:isa_server:2000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80744BD9-85A9-4E33-8C35-59C8C112AC62"}, {"criteria": "cpe:2.3:a:microsoft:isa_server:2000:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F2A1D83-7D2F-4408-B93E-FB53F724EB58"}, {"criteria": "cpe:2.3:a:microsoft:isa_server:2000:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FB3AF3C-4840-496F-A667-D39742A2133D"}, {"criteria": "cpe:2.3:a:microsoft:proxy_server:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F7BF233-8DE6-4DC4-B9ED-5D4A180DD8B9"}, {"criteria": "cpe:2.3:a:microsoft:proxy_server:2.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE48AD5F-D719-4D39-ACE1-53D0FE5F6525"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2003_server:2000:*:small_business_server:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DF610DF-6AE4-4CF3-A9AB-823228BEF157"}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:2003:*:small_business_server:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC8C7AFA-3D80-4E4D-906E-AC51BD055D89"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}