Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Alert: Microsoft Security Bulletin - MS03-028
From: Russ (Russ.CooperRC.ON.CA)
Date: Wed Jul 16 2003 - 12:01:21 CDT
Flaw in ISA Server Error Pages Could Allow Cross-Site Scripting Attack (816456)
Originally posted: July 16, 2003
Who should read this bulletin: System administrators running Microsoft® Internet Security and Acceleration (ISA) Server 2000
Impact of vulnerability: Allows an attacker to execute code of their choice
Maximum Severity Rating: Important
Recommendation: System administrators should install the patch at the earliest available opportunity.
End User Bulletin: An end user version of this bulletin is available at:
- Microsoft Internet Security and Acceleration (ISA) Server 2000
ISA Server contains a number of HTML-based error pages that allow the server to respond to a client requesting a Web resource with a customized error. A cross-site scripting vulnerability exists in many of these error pages that are returned by ISA Server under specific error conditions.
To exploit this flaw, an attacker would have to first be aware of a specific ISA server and its access policies or host an ISA server of their own and create specific access policies designed to exploit this vulnerability. The attacker could then craft a request to trigger a page refusal. Once the attack was crafted, the attacker would have to host a Web site containing the link, or send the link to the user in the form of an HTML e-mail. After the user previewed or opened the e-mail, the malicious site could be visited automatically without further user interaction. In the Web-based attack scenario, an attacker would have no way to force a user to visit the Web site.
- The vulnerability could only be exploited if the attacker could entice another user into visiting a Web page and clicking a link on it, or opening an HTML-based e-mail.
- The request must be one that would cause the ISA server to respond with one of several affected error pages.
- The vulnerability would not normally enable an attacker to gain any privileges on an affected ISA Server computer, breach the firewall, or compromise any cached content, unless the user is operating on the ISA server itself and is using the Web Proxy service to access the Internet.
Vulnerability identifier: CAN-2003-0526
This email is sent to NTBugtraq automatically as a service to my subscribers. (v1.18)
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!
With a growth rate exceeding 110%, the TICSA security practitioner
certification is one of the hottest IT credentials available. And now, for
a limited time, you can save 33% off of the TICSA certification exam! To
learn more about the TICSA certification, and to register as a TICSA
candidate online, just go to