CVE-2009-0077

2009-04-1508:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2009-0077

microsoft

forefront threat management gateway

isa server

denial of service

vulnerability

nvd

6.5 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.94 High

EPSS

Percentile

99.1%

JSON

The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the session state of web listeners, which allows remote attackers to cause a denial of service (many stale sessions) via crafted packets, aka “Web Proxy TCP State Limited Denial of Service Vulnerability.”

CPENameOperatorVersion
microsoft:internet_security_and_acceleration_servermicrosoft internet security and acceleration servereq2006
microsoft:internet_security_and_acceleration_servermicrosoft internet security and acceleration servereq2004
microsoft:forefront_threat_management_gatewaymicrosoft forefront threat management gatewayeq-

CPE	Name	Operator	Version
microsoft:internet_security_and_acceleration_server	microsoft internet security and acceleration server	eq	2006
microsoft:internet_security_and_acceleration_server	microsoft internet security and acceleration server	eq	2004
microsoft:forefront_threat_management_gateway	microsoft forefront threat management gateway	eq	-