‘Microsoft ISA Server 2004 Log Manipulation’
”Microsoft Internet Security and Acceleration (ISA) Server 2004 is the advanced stateful packet and application-layer inspection firewall, virtual private network (VPN), and Web cache solution that enables enterprise customers to easily maximize existing information technology (IT) investments by improving network security and performance.’
‘The information has been provided by Noam Rathaus using the beSTORM fuzzer.
The original article can be found at: http://www.beyondsecurity.com/besirt/advisories/042006-001-ISA-LM.txt‘
* Microsoft ISA Server 2004
By sending the following request to the server:
GET / HTTP/1.0
We were able to insert arbitrary characters, in this case the ASCII characters
0x01,0x02, 0x03, 0x04 (respectively) into the Destination Host parameter of
the log file.
This has been found after 3 days of running the beSTORM fuzzer at 600+ Sessions per Second while monitoring the ISA Server log file for problems.
‘Microsoft does not consider this issue to be a security vulnerability.’
Reported to vendor: December, 2005
Public release date: 4th of May, 2006′