Computer Security


Microsoft Forefront Unified Access Gateway multiple security vulnerabilities
updated since 12.10.2011
Published: 16.10.2011
Source:
SecurityVulns ID: 11964
Type: remote
Threat Level: 6/10
Description: Code execution, cross-site scripting, DoS.
Affected: MICROSOFT : Forefront Unified Access Gateway 2010
CVE: CVE-2011-1969 (Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability.")
CVE-2011-1895 (CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability.")
Original document: SEC Consult Vulnerability Lab, SEC Consult SA-20111012-0 :: Client-side remote file upload & command execution in Microsoft Forefront UAG Remote Access Agent (CVE-2011-1969) (16.10.2011)
Files: Microsoft Security Bulletin MS11-079 - Important Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod