CVE-2009-0077
Last modified
CVE-2009-0077 is a vulnerability of currently unknown severity. The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the session state of web listeners, which allows remote attackers to cause a denial of service (many stale sessions) via crafted packets, aka "Web Proxy TCP State Limited Denial of Service Vulnerability.". EPSS estimates a 78.50% chance of exploitation in the next 30 days.
Description
The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the session state of web listeners, which allows remote attackers to cause a denial of service (many stale sessions) via crafted packets, aka "Web Proxy TCP State Limited Denial of Service Vulnerability."
Metrics
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Forefront Threat Management Gateway | All versions | — |
| Microsoft | Internet Security And Acceleration Server | 2004 | Sp3 |
| Microsoft | Internet Security And Acceleration Server | 2006 | Sp1 |
References
- http://www.us-cert.gov/cas/techalerts/TA09-104A.htmlUS Government Resource
- http://www.us-cert.gov/cas/techalerts/TA09-104A.htmlUS Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-0077?
How severe is CVE-2009-0077?
How do I fix CVE-2009-0077?
Are you affected by CVE-2009-0077?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST