CVE-2009-0077

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Security And Acceleration Server; Forefront Threat Management Gateway
Vendor: CVE Published:; 15 April 2009

Summary

The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the session state of web listeners, which allows remote attackers to cause a denial of service (many stale sessions) via crafted packets, aka "Web Proxy TCP State Limited Denial of Service Vulnerability."

References

http://www.securitytracker.com/id?1022045

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://osvdb.org/53636

vdb-entryx_refsource_OSVDB

EPSS Score

94% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 15, 2009
Vulnerability Reserved
Jan 8, 2009

Collectors

NVD DatabaseMitre Database