Denial of service vulnerability in Microsoft Forefront and ISA Server
CVE-2009-0077

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Security And Acceleration Server; Forefront Threat Management Gateway
Vendor: CVE Published:; 15 April 2009

Summary

The vulnerability in the firewall engine of Microsoft Forefront Threat Management Gateway and ISA Server results from improper management of session states in web listeners. By sending specially crafted packets, remote attackers can create numerous stale sessions, leading to a denial of service. This can severely disrupt network availability and hinder legitimate user access, demanding urgent remediation efforts from affected organizations.

References

http://www.securitytracker.com/id?1022045

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://osvdb.org/53636

vdb-entryx_refsource_OSVDB

EPSS Score

87% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 15, 2009
Vulnerability Reserved
Jan 8, 2009