This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.
A web application on the remote Windows host has multiple
The version of Forefront Unified Access Gateway (UAG) running on the
remote host has multiple vulnerabilities :
- A spoofing vulnerability exists that could allow an
attacker to redirect a victim to a malicious website.
An attacker would have to trick the victim into clicking
a specially crafted link in order to trigger the
- A flaw exists that could allow an unauthenticated user
to access the default website of the UAG server from the
external network. (CVE-2012-0147)
See also :
Microsoft has released a set of patches for UAG 2010 SP1 and UAG 2010
SP1 Update 1.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 58902 ()
Bugtraq ID: 5290352909
CVE ID: CVE-2012-0146CVE-2012-0147
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.