Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0077

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2009-0077
Last Modified 21 Aug 2010 01:29:41
Published 15 Apr 2009 04:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-0077

Summary

The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the session state of web listeners, which allows remote attackers to cause a denial of service (many stale sessions) via crafted packets, aka "Web Proxy TCP State Limited Denial of Service Vulnerability."

Vulnerable Systems

Application

  • Microsoft Forefront Threat Management Gateway -

  • Microsoft Internet Security And Acceleration Server 2004

  • Microsoft Internet Security And Acceleration Server 2006


References

CERT - TA09-104A

MS - MS09-016

VUPEN - ADV-2009-1030

SECTRACK - 1022045

SECUNIA - 34687

OSVDB - 53636


Last Updated: 27 May 2016 10:50:06