MS11-079: Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)

This script is Copyright (C) 2011-2017 Tenable Network Security, Inc.

Synopsis :

A web application on the remote Windows host has multiple

Description :

The version of Forefront Unified Access Gateway (UAG) running on the
remote host has multiple vulnerabilities in the Web Monitor
component :

- An HTTP response splitting vulnerability in
ExcelTable.asp. (CVE-2011-1895)

- A reflected XSS in ExcelTable.asp. (CVE-2011-1896)

- A reflected XSS in Default.asp. (CVE-2011-1897)

- A code execution vulnerability in a signed Java applet.
Users that access the UAG server from a Java-enabled
web browser are affected. (CVE-2011-1969)

- Processing a null session cookie can cause the web
server to become unresponsive. (CVE-2011-2012)

Solution :

Microsoft has released a set of patches for UAG 2010, UAG 2010 Update
1, UAG 2010 Update 2, and UAG 2010 SP1.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 56453

Bugtraq ID: 49972

CVE ID: CVE-2011-1895
