Microsoft Forefront Unified Access Gateway Multiple Vulnerabilities
Last Update Date: 12 Oct 2011 11:53
Release Date: 12 Oct 2011
RISK: High Risk
TYPE: Security software and application - Security Software & Appliance
- ExcelTable Response Splitting XSS Vulnerability
An HTTP response splitting vulnerability exists in Microsoft Forefront Unified Access Gateway (UAG) server where JavaScript can be injected back to the user in the resulting page, effectively allowing attacker-controlled JavaScript to run in the context of the user clicking the link.
- ExcelTable Reflected XSS Vulnerability
An XSS vulnerability exists in Microsoft Forefront Unified Access Gateway (UAG) server where JavaScript can be injected back to the user in the resulting page, effectively allowing attacker-controlled JavaScript to run in the context of the user clicking the link.
- Default Reflected XSS Vulnerability
An XSS vulnerability exists in Microsoft Forefront Unified Access Gateway (UAG) server where JavaScript can be injected back to the user in the resulting page, effectively allowing attacker-controlled JavaScript to run in the context of the user clicking the link.
- Poisoned Cup of Code Execution Vulnerability
Microsoft Forefront Unified Access Gateway (UAG) applies a signed Java applet that can be leveraged by malicious Web sites to cause remote code execution on any Java-enabled Web browser.
- Null Session Cookie Crash
A denial of service vulnerability exists in implementations of Microsoft Forefront Unified Access Gateway (UAG). When this occurs, an attacker could leverage the vulnerability to stop the IIS worker process and deny access to Web services on the affected system.
Impact
- Remote Code Execution
System / Technologies affected
- Microsoft Forefront Unified Access Gateway 2010
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Download location for patches:
http://technet.microsoft.com/en-us/security/bulletin/ms11-079
Vulnerability Identifier
- CVE-2011-1993
- CVE-2011-1995
- CVE-2011-1996
- CVE-2011-1997
- CVE-2011-1998
- CVE-2011-1999
- CVE-2011-2000
- CVE-2011-2001