VULHUB ™

Microsoft ISA Server improperly allows FTP bounce attacks through its ftp application filter component. This vulnerability manifests itself if an FTP server affected by BID 126, also described in the CERT advisory CA-1997-27, is protected by Microsoft ISA Server. An FTP server that is vulnerable to the FTP bounce attack can be used by an attacker to bypass IP based access controls. This issue is not present if an FTP server is not used.

Microsoft ISA Server improperly allows FTP bounce attacks through its ftp application filter component. This vulnerability manifests itself if an FTP server affected by BID 126, also described in the CERT advisory CA-1997-27, is protected by Microsoft ISA Server. An FTP server that is vulnerable to the FTP bounce attack can be used by an attacker to bypass IP based access controls. This issue is not present if an FTP server is not used.