CVE-2007-4991
Microsoft ISA Server 2004 SP1 and SP2 - Information Disclosure via Empty SOCKS4 Packet
Title source: llmDescription
The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.
References (5)
Core 5
Core References
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25753
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1018727
Patch, Vendor Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-07-053.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36715
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/45906
Scores
EPSS
0.1615
EPSS Percentile
96.5%
Details
CWE
CWE-200
Status
published
Products (1)
microsoft/isa_server
2004 sp1 (2 CPE variants)
Published
Sep 21, 2007
Tracked Since
Feb 18, 2026