This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.
A web application on the remote Windows host has multiple
The version of Forefront Unified Access Gateway (UAG) running on the
remote host has multiple vulnerabilities in the Web Monitor
- An HTTP response splitting vulnerability in
- A reflected XSS in ExcelTable.asp. (CVE-2011-1896)
- A reflected XSS in Default.asp. (CVE-2011-1897)
- A code execution vulnerability in a signed Java applet.
Users that access the UAG server from a Java-enabled
web browser are affected. (CVE-2011-1969)
- Processing a null session cookie can cause the web
server to become unresponsive. (CVE-2011-2012)
Microsoft has released a set of patches for UAG 2010, UAG 2010 Update
1, UAG 2010 Update 2, and UAG 2010 SP1.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true