Applies to: Winfrasoft X-Forwarded-For for ISA Server
Severity: High
Problem: A security vulnerability has been discovered in Winfrasoft X-Forwarded-For for
ISA Server which could result in a denial of service. A successful delivery of
the attack could leave the ISA Server Firewall service in a stopped state,
preventing ISA Server from serving traffic. No unauthorised access is gained and
nothing is compromised.
Affected versions:
All versions of Winfrasoft X-Forwarded-For for ISA Server up to and including
2.0.4. This also includes prior version 1.x builds.
Mitigation:
The risk of attack is greatest where ISA Server is being used as a reverse proxy
as inbound access from the Internet is allowed. If ISA Server is being used as a
forward proxy server then the attack could only be launched from the internal
network which poses a much lower risk. The only method of mitigating the issue
without upgrading to the new version is to disable or uninstall X-Forwarded-For
for ISA Server.
Resolution:
An updated version of Winfrasoft X-Forwarded-For for ISA Server has been
released which corrects the issue. The security fix is included in all builds
from, and including, version 2.0.6.
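The following triage helper is an added example, not Winfrasoft's code: it applies the advisory's version thresholds (affected up to and including 2.0.4, 1.x included; fix present from 2.0.6 onward, so any lower build is treated as lacking the fix) and its exposure reasoning (reverse proxy exposed to the Internet is highest risk, forward proxy is lower, disabled or uninstalled add-in is mitigated) to an inventory of ISA Server hosts. The inventory records, host names and the `role` / `xff_enabled` field names are constructed assumptions for illustration. Versions are compared numerically so that a build such as 2.0.10 is not mistaken for an older one by string comparison.

```python
"""Added example (not Winfrasoft's own code): triage helper for the advisory
above. Version thresholds come from the advisory; inventory records, host
names and the record field names are constructed assumptions."""
from typing import Tuple

FIXED_IN = (2, 0, 6)   # advisory: fix included in all builds from 2.0.6 onward


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.0.4' into (2, 0, 4). Compare numerically, never as strings,
    so that 2.0.10 sorts after 2.0.6. Pads to three components so that
    '1.2' becomes (1, 2, 0)."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))


def has_fix(version: str) -> bool:
    """True when the installed build is 2.0.6 or later. 1.x builds and
    everything up to 2.0.4 fall below this threshold, as the advisory states."""
    return parse_version(version) >= FIXED_IN


def triage(record: dict) -> str:
    """Classify one ISA Server host.

    Record keys (constructed for this example):
      version      installed X-Forwarded-For for ISA Server version string
      role         'reverse' (Internet-facing reverse proxy) or 'forward'
      xff_enabled  False when the add-in is disabled or uninstalled
    """
    if not record["xff_enabled"]:
        return "mitigated"   # disabled/uninstalled: the advisory's interim mitigation
    if has_fix(record["version"]):
        return "fixed"       # 2.0.6 or later carries the security fix
    if record["role"] == "reverse":
        return "high"        # inbound Internet access allowed: greatest risk
    return "lower"           # forward proxy: reachable only from the internal network


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = [
    {"host": "isa-edge-1",  "version": "2.0.4",  "role": "reverse", "xff_enabled": True},
    {"host": "isa-proxy-1", "version": "1.2",    "role": "forward", "xff_enabled": True},
    {"host": "isa-edge-2",  "version": "2.0.6",  "role": "reverse", "xff_enabled": True},
    {"host": "isa-proxy-2", "version": "2.0.10", "role": "forward", "xff_enabled": True},
    {"host": "isa-dmz-1",   "version": "2.0.3",  "role": "reverse", "xff_enabled": False},
]


def triage_all(inventory=SAMPLE_INVENTORY) -> dict:
    """Map each host name to its triage status."""
    return {r["host"]: triage(r) for r in inventory}


if __name__ == "__main__":
    for host, status in triage_all().items():
        print(f"{host:12} {status}")
```

Hosts rated "high" are the ones to upgrade or disable first; "lower" hosts still lack the fix and should follow once the Internet-facing deployments are handled.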
More information:
Winfrasoft was privately notified about the issue, and under "responsible
disclosure guidelines" we shall not be detailing the exact attack methodology.
The attack has been publicly exploited in the wild, although it is not known
whether this was specifically an attack targeted against Winfrasoft
X-Forwarded-For for ISA Server.
Last updated: 04/09/2009