Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2011-1897 | First vendor Publication | 2011-10-11 |
Vendor | Cve | Last vendor Modification | 2018-10-12 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1897 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13039 | |||
Oval ID: | oval:org.mitre.oval:def:13039 | ||
Title: | Default Reflected XSS Vulnerability | ||
Description: | Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-1897 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2008 | Product(s): | Forefront Unified Access Gateway 2010 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 |
OpenVAS Exploits
Date | Description |
---|---|
2012-10-26 | Name : MS Forefront Unified Access Gateway Remote Code Execution Vulnerabilities (25... File : nvt/secpod_ms11-079.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
76234 | Microsoft Forefront Unified Access Gateway Unspecified XSS |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-10-13 | IAVM : 2011-B-0125 - Multiple Vulnerabilities in Microsoft Forefront Unified Access Gateway (UAG) Severity : Category II - VMSKEY : V0030404 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-04-17 | Microsoft Forefront Unified Access Gateway null session cookie denial of service RuleID : 30209 - Revision : 5 - Type : SERVER-WEBAPP |
2014-01-10 | Microsoft Windows Forefront UAG NLSessionS cookie overflow attempt RuleID : 20272 - Revision : 8 - Type : OS-WINDOWS |
2018-06-15 | Microsoft Client Agent Helper JAR file download request RuleID : 20260-community - Revision : 19 - Type : FILE-IDENTIFY |
2014-01-10 | Microsoft Client Agent Helper JAR file download request RuleID : 20260 - Revision : 19 - Type : FILE-IDENTIFY |
2014-01-10 | Microsoft Agent Helper Malicious JAR download attempt RuleID : 20259 - Revision : 16 - Type : FILE-OTHER |
2014-01-10 | Microsoft generic javascript handler in URI XSS attempt RuleID : 20258 - Revision : 12 - Type : OS-WINDOWS |
2014-01-10 | Microsoft ForeFront UAG ExcelTable.asp XSS attempt RuleID : 20257 - Revision : 8 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Forefront UAG http response splitting attempt RuleID : 20256 - Revision : 5 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-10-11 | Name : A web application on the remote Windows host has multiple vulnerabilities. File : smb_nt_ms11-079.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Source | Url |
---|---|
MS | https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11... |
OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... |
Alert History
Date | Informations |
---|---|
2021-05-04 12:14:29 |
|
2021-04-22 01:15:46 |
|
2020-05-23 00:28:31 |
|
2018-10-13 05:18:32 |
|
2017-09-19 09:24:27 |
|
2016-04-26 20:45:40 |
|
2014-02-17 11:02:22 |
|
2014-01-19 21:27:48 |
|
2013-11-11 12:39:23 |
|
2013-05-10 23:00:34 |
|