CVE-2001-1533

moderate-risk

Published 2001-12-31

Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE

Do I need to act?

26.9% chance of exploitation in next 30 days

EPSS score — higher than 73% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Isa Server

Affected Vendors

Microsoft

References (8)

http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00018.html

http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00031.html

http://www.iss.net/security_center/static/7446.php

http://www.securityfocus.com/bid/3501

http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00018.html

http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00031.html

http://www.iss.net/security_center/static/7446.php

http://www.securityfocus.com/bid/3501

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 15/34 · Moderate

Exposure 5/34 · Minimal