CVE-2011-2012

EPSS 19.03%
Published 12.10.2011 02:52:44
Last modified 11.04.2025 00:51:21
Source secure@microsoft.com
Teams watchlist Login
Open Login

Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Forefront Unified Access Gateway Version2010

Microsoft ≫ Forefront Unified Access Gateway Version2010 Updatesp1

Microsoft ≫ Forefront Unified Access Gateway Version2010 Updateupdate1

Microsoft ≫ Forefront Unified Access Gateway Version2010 Updateupdate2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	19.03%	0.948

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-079

http://www.securityfocus.com/bid/49980

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12799

https://nvd.nist.gov/vuln/detail/CVE-2011-2012

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-2012

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-2012

EUVD