Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0077


Vulnerability Score 5.0 5.0
CVE Id CVE-2009-0077
Last Modified 21 Aug 2010 01:29:41
Published 15 Apr 2009 04:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the session state of web listeners, which allows remote attackers to cause a denial of service (many stale sessions) via crafted packets, aka "Web Proxy TCP State Limited Denial of Service Vulnerability."

Vulnerable Systems


  • Microsoft Forefront Threat Management Gateway -

  • Microsoft Internet Security And Acceleration Server 2004

  • Microsoft Internet Security And Acceleration Server 2006


CERT - TA09-104A

MS - MS09-016

VUPEN - ADV-2009-1030

SECTRACK - 1022045

SECUNIA - 34687

OSVDB - 53636

Last Updated: 27 May 2016 10:50:06