CVE-2009-0077 — Microsoft Internet Security AND Acceleration Server vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

88.7%

top 0.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Security AND Acceleration Server

Timeline

PublishedApr 15

Latest updateMay 2

Description

The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the session state of web listeners, which allows remote attackers to cause a denial of service (many stale sessions) via crafted packets, aka "Web Proxy TCP State Limited Denial of Service Vulnerability."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/internet_security_and_acceleration_server2004, 2006+1

🔴Vulnerability Details

GHSA

GHSA-9rc2-2223-5qcp: The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA)↗2022-05-02

▶

CVEList

CVE-2009-0077: The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA)↗2009-04-15

▶