Lucene search
HistoryOct 12, 2011 - 2:52 a.m.
CVE-2011-2012
cve-2011-2012
microsoft
forefront uag
update 1
update 2
sp1
session cookies
denial of service
iis outage
null session cookie crash
nvd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.7 Medium
AI Score
Confidence
Low
0.118 Low
EPSS
Percentile
95.4%
Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka “Null Session Cookie Crash.”
Affected configurations
Node
microsoftforefront_unified_access_gatewayMatch2010
ORmicrosoftforefront_unified_access_gatewayMatch2010sp1
ORmicrosoftforefront_unified_access_gatewayMatch2010update1
ORmicrosoftforefront_unified_access_gatewayMatch2010update2
| CPE | Name | Operator | Version |
|---|---|---|---|
| microsoft:forefront_unified_access_gateway | microsoft forefront unified access gateway | eq | 2010 |
Related
checkpoint_advisories
checkpoint_advisories
cvelist
cvelist
CVE-2011-2012
2011-10-12 01:00:00
nvd
nvd
CVE-2011-2012
2011-10-12 02:52:44
prion
prion
Session fixation
2011-10-12 02:52:00
openvas
openvas
mskb
mskb
nessus
nessus
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.7 Medium
AI Score
Confidence
Low
0.118 Low
EPSS
Percentile
95.4%
Related for CVE-2011-2012