Computer Security
[EN] securityvulns.ru



Microsoft Forefront Unified Access Gateway multiple security vulnerabilities
updated since 12.10.2011
Published: 16.10.2011
Source: MICROSOFT
SecurityVulns ID: 11964
Type: remote
Level: 6/10
Description: Code execution, cross-site scripting, DoS.
Affected: MICROSOFT : Forefront Unified Access Gateway 2010
CVE: CVE-2011-1969 (Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability.")
 CVE-2011-1895 (CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability.")
Original document: Daniel Fabian, SEC Consult SA-20111012-0 :: Client-side remote file upload & command execution in Microsoft Forefront UAG Remote Access Agent (CVE-2011-1969) (16.10.2011)
Files: Microsoft Security Bulletin MS11-079 - Important Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution
© SecurityVulns, 3APA3A, Vladimir Dubrovin