MS12-026: Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860)

medium Nessus Plugin ID 58658

Synopsis

A web application on the remote Windows host has multiple vulnerabilities.

Description

The version of Forefront Unified Access Gateway (UAG) running on the remote host has multiple vulnerabilities:

- A spoofing vulnerability that could allow an attacker to redirect a victim to a malicious website. An attacker would have to trick the victim into clicking a specially crafted link in order to trigger the vulnerability. (CVE-2012-0146)

- A flaw that could allow an unauthenticated user to access the default website of the UAG server from the external network. (CVE-2012-0147)

Solution

Microsoft has released a set of patches for UAG 2010 SP1 and UAG 2010 SP1 Update 1.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-026

Plugin Details

Severity: Medium

ID: 58658

File Name: smb_nt_ms12-026.nasl

Version: 1.13

Type: local

Agent: windows

Published: 4/11/2012

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.9

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:microsoft:forefront_unified_access_gateway

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 4/10/2012

Vulnerability Publication Date: 4/10/2012

Reference Information

CVE: CVE-2012-0146, CVE-2012-0147

BID: 52903, 52909

MSFT: MS12-026

MSKB: 2649261, 2649262