CVE-2007-4991

CWE-200 — Information Exposure3 documents3 sources

Severity

5.0MEDIUM

EPSS

47.5%

top 2.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft ISA Server

Timeline

PublishedSep 21

Latest updateMay 1

Description

The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/isa_server2004

Patches

Patch: www.securityfocus.com ↗Patch: www.zerodayinitiative.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-x2hg-rgmp-3453: The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive↗2022-05-01

▶

CVEList

CVE-2007-4991: The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive↗2007-09-21

▶