CVE-2011-2012

EPSS 19.03%
Veröffentlicht 12.10.2011 02:52:44
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Forefront Unified Access Gateway Version2010

Microsoft ≫ Forefront Unified Access Gateway Version2010 Updatesp1

Microsoft ≫ Forefront Unified Access Gateway Version2010 Updateupdate1

Microsoft ≫ Forefront Unified Access Gateway Version2010 Updateupdate2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	19.03%	0.948

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-079

http://www.securityfocus.com/bid/49980

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12799

https://nvd.nist.gov/vuln/detail/CVE-2011-2012

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-2012

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-2012

EUVD