Detections
Analytics
MS12-026: Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860) (uncredentialed check)
medium Nessus Plugin ID 58902
Language:
Synopsis
A web application on the remote Windows host has multiple vulnerabilities.Description
The version of Forefront Unified Access Gateway (UAG) running on the remote host has multiple vulnerabilities :- A spoofing vulnerability exists that could allow an attacker to redirect a victim to a malicious website.
An attacker would have to trick the victim into clicking a specially crafted link in order to trigger the vulnerability. (CVE-2012-0146)
- A flaw exists that could allow an unauthenticated user to access the default website of the UAG server from the external network. (CVE-2012-0147)
Solution
Microsoft has released a set of patches for UAG 2010 SP1 and UAG 2010 SP1 Update 1.See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-026
Plugin Details
Severity: Medium
ID: 58902
File Name: forefront_uag_ms12-026.nbin
Version: 1.230
Type: remote
Family: Web Servers
Published: 4/27/2012
Updated: 4/23/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.9
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.6
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:forefront_unified_access_gateway
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 4/10/2012
Vulnerability Publication Date: 4/10/2012
Reference Information
CVE: CVE-2012-0146, CVE-2012-0147