ISA Server 2000 Web site visitors may be directed to unexpected content (901117)


The information in this article applies to:

  • Microsoft Windows Small Business Server 2003, Premium Edition
  • Microsoft Internet Security and Acceleration Server 2000 SP2
  • Microsoft Small Business Server 2000 SP1

SYMPTOMS

Microsoft Internet Security and Acceleration (ISA) Server 2000 Web site visitors may be directed to unexpected content.

CAUSE

The ISA Server 2000 Web Proxy cache may be subject to cache poisoning through HTTP request smuggling.

RESOLUTION

To resolve this problem, install security update 899753 (MS05-034). For more information about security update 899753, click the following article number to view the article in the Microsoft Knowledge Base:

899753 MS05-034: Cumulative Security Update for Internet Security and Acceleration (ISA) Server 2000

MORE INFORMATION

When ISA Server 2000 operates in firewall mode, ISA Server 2000 does not include ISA caching functionality and is not vulnerable to HTTP request smuggling.

For more information about HTTP request smuggling, visit the following Watchfire Web site:

http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf

For more information about HTTP request smuggling, click the following article number to view the article in the Microsoft Knowledge Base:

899753 MS05-034: Cumulative security update for Internet Security and Acceleration (ISA) Server 2000

Modification Type:MinorLast Reviewed:7/26/2006
Keywords:kbprb KB901117
©2004 Microsoft Corporation. All rights reserved.