This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.
A web application on the remote Windows host has multiple
The version of Forefront Unified Access Gateway (UAG) running on the
remote host has multiple vulnerabilities in the Web Monitor
- An HTTP response splitting vulnerability in
- A reflected XSS in ExcelTable.asp. (CVE-2011-1896)
- A reflected XSS in Default.asp. (CVE-2011-1897)
- A code execution vulnerability in a signed Java applet.
Users that access the UAG server from a Java-enabled
web browser are affected. (CVE-2011-1969)
- Processing a null session cookie can cause the web
server to become unresponsive. (CVE-2011-2012)
See also :
Microsoft has released a set of patches for UAG 2010, UAG 2010 Update
1, UAG 2010 Update 2, and UAG 2010 SP1.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true
Family: Windows : Microsoft Bulletins
Nessus Plugin ID: 56453 ()
Bugtraq ID: 4997249974499794998049983
CVE ID: CVE-2011-1895CVE-2011-1896CVE-2011-1897CVE-2011-1969CVE-2011-2012
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.