| Vulnerability Name: | CVE-2004-0892 (CCN-17906) | ||||||||||||
| Assigned: | 2004-11-09 | ||||||||||||
| Published: | 2004-11-09 | ||||||||||||
| Updated: | 2018-10-12 | ||||||||||||
| Summary: | Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results. | ||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||
| Vulnerability Consequences: | Other | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2004-0892 Source: CCN Type: Microsoft Knowledge Base Article 821724 FIX: Basic credentials may be sent over an external HTTP connection when SSL is required Source: CCN Type: Microsoft Security Bulletin MS04-039 Vulnerability in ISA Server 2000 and Proxy Server 2.0 Could Allow Web Site Spoofing (888258) Source: CCN Type: Microsoft Security Bulletin MS05-034 Cumulative Security Update for ISA Server 2000 (899753) Source: BID Type: Patch, Vendor Advisory 11605 Source: CCN Type: BID-11605 Microsoft ISA and Proxy Server Web Site Spoofing Vulnerability Source: MS Type: UNKNOWN MS04-039 Source: XF Type: UNKNOWN isa-cache-reverse-spoof(17906) Source: XF Type: UNKNOWN isa-cache-reverse-spoof(17906) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:4264 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:4859 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||