The host is installed with Microsoft Forefront Unified Access Gateway 2010 or Microsoft Forefront Unified Access Gateway 2010 update 1 or Microsoft Forefront Unified Access Gateway 2010 update 2 or Microsoft Forefront Unified Access Gateway 2010 service pack 1 and is prone to denial of service vulnerability. A flaw is present in the application which is caused by improper validation of a NULL value contained within the session cookie. Successful exploitation allows remote attackers to crash the web server on the affected UAG machine.