Microsoft KB Archive/901117

= ISA Server 2000 Web site visitors may be directed to unexpected content =

Article ID: 901117

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Windows Small Business Server 2003 Premium Edition
 * Microsoft Internet Security and Acceleration Server 2000 Service Pack 2
 * Microsoft BackOffice Small Business Server 2000 Service Pack 1

-





SYMPTOMS
Microsoft Internet Security and Acceleration (ISA) Server 2000 Web site visitors may be directed to unexpected content.



CAUSE
The ISA Server 2000 Web Proxy cache may be subject to cache poisoning through HTTP request smuggling.



RESOLUTION
To resolve this problem, install security update 899753 (MS05-034). For more information about security update 899753, click the following article number to view the article in the Microsoft Knowledge Base:

899753 MS05-034: Cumulative Security Update for Internet Security and Acceleration (ISA) Server 2000



MORE INFORMATION
When ISA Server 2000 operates in firewall mode, ISA Server 2000 does not include ISA caching functionality and is not vulnerable to HTTP request smuggling.

For more information about HTTP request smuggling, visit the following Watchfire Web site:

http://www.cgisecurity.com/lib/HTTP-Request-Smuggling.pdf

For more information about HTTP request smuggling, click the following article number to view the article in the Microsoft Knowledge Base:

899753 MS05-034: Cumulative security update for Internet Security and Acceleration (ISA) Server 2000

Keywords: kbprb KB901117

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.