Microsoft ISA Server HTTP Request Smuggling Vulnerability

Microsoft Internet Security and Acceleration (ISA) server is reported prone to a HTTP request smuggling attack.

The vendor reports that Microsoft ISA server fails to correctly handle an invalid HTTP request that contains multiple 'Content-Length' values in an invalid HTTP header.

A remote attacker may exploit this issue to launch cache poisoning or content-restriction bypass attacks against the affected server.


Privacy Statement
Copyright 2010, SecurityFocus