Vulnerability Description
Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Forefront Unified Access Gateway | 2010 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/49980
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-07
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://www.securityfocus.com/bid/49980
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-07
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2011-2012?
CVE-2011-2012 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outa...
How severe is CVE-2011-2012?
CVE-2011-2012 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-2012?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Forefront Unified Access Gateway.