CVE-2007-4991

Published: Sep 21, 2007Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.

Affected (2)

Products: Microsoft: Isa Server

Microsoft

1 product

Isa Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Isa Server	Version 2004 sp1
Microsoft Isa Server	Version 2004 sp2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://osvdb.org/45906

Source: cve@mitre.org

http://www.securityfocus.com/bid/25753

Source: cve@mitre.org

Patch

http://www.securitytracker.com/id?1018727

Source: cve@mitre.org

http://www.zerodayinitiative.com/advisories/ZDI-07-053.html

Source: cve@mitre.org

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/36715

Source: cve@mitre.org

http://osvdb.org/45906