MS12-026: Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860) (uncredentialed check)
Medium Nessus Plugin ID 58902
SynopsisA web application on the remote Windows host has multiple vulnerabilities.
DescriptionThe version of Forefront Unified Access Gateway (UAG) running on the remote host has multiple vulnerabilities :
- A spoofing vulnerability exists that could allow an attacker to redirect a victim to a malicious website.
An attacker would have to trick the victim into clicking a specially crafted link in order to trigger the vulnerability. (CVE-2012-0146)
- A flaw exists that could allow an unauthenticated user to access the default website of the UAG server from the external network. (CVE-2012-0147)
SolutionMicrosoft has released a set of patches for UAG 2010 SP1 and UAG 2010 SP1 Update 1.