Microsoft Forefront Unified Access Gateway Multiple Vulnerabilities (10 November 2010)
RISK: Medium Risk
1. UAG Redirection Spoofing Vulnerability
A spoofing vulnerability exists in Forefront Unified Access Gateway (UAG). The vulnerability could allow spoofing or redirecting of traffic intended for the UAG server if a UAG user clicks a specially crafted link. An attacker could send a specially crafted URL to a user of the UAG server to redirect Web traffic to a malicious site with content similar to the original Web site. By doing so, the attacker could potentially acquire sensitive information, such as the user's credentials.
2. UAG XSS Allows EOP Vulnerability
A cross-site scripting (XSS) vulnerability exists in Forefront Unified Access Gateway (UAG) that could allow specially crafted script code to run under the guise of the server. This is a non-persistent cross-site scripting vulnerability that could allow an attacker to issue commands to the UAG server in the context of the targeted user.
3. XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability
A cross-site scripting (XSS) vulnerability exists in Forefront Unified Access Gateway (UAG) that could allow specially crafted script code to run under the guise of the server. This is a non-persistent cross-site scripting vulnerability that could allow an attacker to issue commands to the UAG server in the context of the targeted user.
4. XSS in Signurl.asp Vulnerability
A cross-site scripting (XSS) vulnerability exists in Forefront Unified Access Gateway (UAG) that could allow specially crafted script code to run under the guise of the server. This is a non-persistent cross-site scripting vulnerability that could allow an attacker to issue commands to the UAG server in the context of the targeted user.
Impact
- Elevation of Privilege
System / Technologies affected
- Forefront Unified Access Gateway 2010
- Forefront Unified Access Gateway 2010 Update 1
- Forefront Unified Access Gateway 2010 Update 2
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
Download locations for this patch
- Forefront Unified Access Gateway 2010
- Forefront Unified Access Gateway 2010 Update 1
- Forefront Unified Access Gateway 2010 Update 2
Vulnerability Identifier
Source
Related Link