Executive Summary
Information | | | |
---|---|---|---|
Name | CVE-2011-1895 | First vendor Publication | 2011-10-11 |
Vendor | Cve | Last vendor Modification | 2018-10-12 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1895
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13064 | |||
Oval ID: | oval:org.mitre.oval:def:13064 | ||
Title: | ExcelTable Response Splitting XSS Vulnerability | ||
Description: | CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-1895 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2008 | Product(s): | Forefront Unified Access Gateway 2010 |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 4 |
OpenVAS Exploits
Date | Description |
---|---|
2012-10-26 | Name : MS Forefront Unified Access Gateway Remote Code Execution Vulnerabilities (25... File : nvt/secpod_ms11-079.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
76235 | Microsoft Forefront Unified Access Gateway ExcelTables Response Splitting Uns... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-10-13 | IAVM : 2011-B-0125 - Multiple Vulnerabilities in Microsoft Forefront Unified Access Gateway (UAG) Severity : Category II - VMSKEY : V0030404 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-04-17 | Microsoft Forefront Unified Access Gateway null session cookie denial of service RuleID : 30209 - Revision : 5 - Type : SERVER-WEBAPP |
2014-01-10 | Microsoft Windows Forefront UAG NLSessionS cookie overflow attempt RuleID : 20272 - Revision : 8 - Type : OS-WINDOWS |
2018-06-15 | Microsoft Client Agent Helper JAR file download request RuleID : 20260-community - Revision : 19 - Type : FILE-IDENTIFY |
2014-01-10 | Microsoft Client Agent Helper JAR file download request RuleID : 20260 - Revision : 19 - Type : FILE-IDENTIFY |
2014-01-10 | Microsoft Agent Helper Malicious JAR download attempt RuleID : 20259 - Revision : 16 - Type : FILE-OTHER |
2014-01-10 | Microsoft generic javascript handler in URI XSS attempt RuleID : 20258 - Revision : 12 - Type : OS-WINDOWS |
2014-01-10 | Microsoft ForeFront UAG ExcelTable.asp XSS attempt RuleID : 20257 - Revision : 8 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Forefront UAG http response splitting attempt RuleID : 20256 - Revision : 5 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-10-11 | Name : A web application on the remote Windows host has multiple vulnerabilities. File : smb_nt_ms11-079.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2021-05-04 12:14:29 | |
2021-04-22 01:15:46 | |
2020-05-23 00:28:31 | |
2018-10-13 05:18:32 | |
2017-09-19 09:24:27 | |
2016-06-28 18:39:43 | |
2016-04-26 20:45:39 | |
2014-02-17 11:02:22 | |
2014-01-19 21:27:48 | |
2013-11-11 12:39:23 | |
2013-05-10 23:00:33 | |