 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.903045 |
| Categoría: | Windows : Microsoft Bulletins |
| Título: | Microsoft Forefront Unified Access Gateway Remote Code Execution Vulnerabilities (2544641) |
| Resumen: | This host is missing an important security update according to; Microsoft Bulletin MS11-079. |
| Descripción: | Summary: This host is missing an important security update according to Microsoft Bulletin MS11-079. Vulnerability Insight: The flaws are due to: - when Forefront Unified Access Gateway (UAG) does not properly handle script contained in a specially crafted request, allowing for malicious content to be reflected back to the user. - by an error within the MicrosoftClient.jar Java applet insecurely implements certain methods. - by improper validation of a NULL value contained within the session cookie. Vulnerability Impact: Successful exploitation could allow attackers to conduct cross-site scripting and HTTP response splitting attacks, cause a denial of service. Affected Software/OS: - Microsoft Forefront Unified Access Gateway 2010 - Microsoft Forefront Unified Access Gateway 2010 Update 1 - Microsoft Forefront Unified Access Gateway 2010 Update 2 - Microsoft Forefront Unified Access Gateway 2010 Service Pack 1 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-1895 BugTraq ID: 49979 http://www.securityfocus.com/bid/49979 Microsoft Security Bulletin: MS11-079 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-079 http://osvdb.org/76235 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13064 Common Vulnerability Exposure (CVE) ID: CVE-2011-1896 http://osvdb.org/76233 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12197 Common Vulnerability Exposure (CVE) ID: CVE-2011-1897 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13039 Common Vulnerability Exposure (CVE) ID: CVE-2011-1969 BugTraq ID: 49983 http://www.securityfocus.com/bid/49983 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13032 Common Vulnerability Exposure (CVE) ID: CVE-2011-2012 BugTraq ID: 49980 http://www.securityfocus.com/bid/49980 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12799 |
| Copyright | Copyright (C) 2012 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |