Skip to main content

Microsoft Forefront Unified Access Gateway Multiple Vulnerabilities

Last Update Date: 12 Oct 2011 11:53 Release Date: 12 Oct 2011 5852 Views

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance
  1. ExcelTable Response Splitting XSS Vulnerability
    An HTTP response splitting vulnerability exists in Microsoft Forefront Unified Access Gateway (UAG) server where JavaScript can be injected back to the user in the resulting page, effectively allowing attacker-controlled JavaScript to run in the context of the user clicking the link.
  2. ExcelTable Reflected XSS Vulnerability
    An XSS vulnerability exists in Microsoft Forefront Unified Access Gateway (UAG) server where JavaScript can be injected back to the user in the resulting page, effectively allowing attacker-controlled JavaScript to run in the context of the user clicking the link.
  3. Default Reflected XSS Vulnerability
    An XSS vulnerability exists in Microsoft Forefront Unified Access Gateway (UAG) server where JavaScript can be injected back to the user in the resulting page, effectively allowing attacker-controlled JavaScript to run in the context of the user clicking the link.
  4. Poisoned Cup of Code Execution Vulnerability
    Microsoft Forefront Unified Access Gateway (UAG) applies a signed Java applet that can be leveraged by malicious Web sites to cause remote code execution on any Java-enabled Web browser.
  5. Null Session Cookie Crash
    A denial of service vulnerability exists in implementations of Microsoft Forefront Unified Access Gateway (UAG). When this occurs, an attacker could leverage the vulnerability to stop the IIS worker process and deny access to Web services on the affected system.

Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Forefront Unified Access Gateway 2010

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link