Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)
Informations
Name MS11-079 First vendor Publication 2011-10-11
Vendor Microsoft Last vendor Modification 2011-10-11
Severity (Vendor) Important Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Severity Rating: Important

Revision Note: V1.0 (October 11, 2011): Bulletin published.

Summary: This security update resolves five privately reported vulnerabilities in Forefront Unified Access Gateway (UAG). The most severe of these vulnerabilities could allow remote code execution if a user visits an affected Web site using a specially crafted URL. However, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.

Original Source

Url : http://technet.microsoft.com/en-us/security/bulletin/ms11-079

CWE : Common Weakness Enumeration

% Id Name
40 % CWE-94 Failure to Control Generation of Code ('Code Injection')
40 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
20 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12197
 
Oval ID: oval:org.mitre.oval:def:12197
Title: ExcelTable Reflected XSS Vulnerability
Description: Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1896
Version: 5
Platform(s): Microsoft Windows Server 2008
Product(s): Forefront Unified Access Gateway 2010
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12799
 
Oval ID: oval:org.mitre.oval:def:12799
Title: Null Session Cookie Crash
Description: Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."
Family: windows Class: vulnerability
Reference(s): CVE-2011-2012
Version: 5
Platform(s): Microsoft Windows Server 2008
Product(s): Forefront Unified Access Gateway 2010
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13032
 
Oval ID: oval:org.mitre.oval:def:13032
Title: Poisoned Cup of Code Execution Vulnerability
Description: Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1969
Version: 5
Platform(s): Microsoft Windows Server 2008
Product(s): Forefront Unified Access Gateway 2010
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13039
 
Oval ID: oval:org.mitre.oval:def:13039
Title: Default Reflected XSS Vulnerability
Description: Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1897
Version: 5
Platform(s): Microsoft Windows Server 2008
Product(s): Forefront Unified Access Gateway 2010
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13064
 
Oval ID: oval:org.mitre.oval:def:13064
Title: ExcelTable Response Splitting XSS Vulnerability
Description: CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1895
Version: 5
Platform(s): Microsoft Windows Server 2008
Product(s): Forefront Unified Access Gateway 2010
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 4

SAINT Exploits

Description Link
Microsoft Forefront Unified Access Gateway Java Applet Signed Code Execution More info here

OpenVAS Exploits

Date Description
2012-10-26 Name : MS Forefront Unified Access Gateway Remote Code Execution Vulnerabilities (25...
File : nvt/secpod_ms11-079.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
76237 Microsoft Forefront Unified Access Gateway IIS NULL Session Cookie Parsing Re...

76236 Microsoft Forefront Unified Access Gateway MicrosoftClient.jar JAR File Code ...

76235 Microsoft Forefront Unified Access Gateway ExcelTables Response Splitting Uns...

76234 Microsoft Forefront Unified Access Gateway Unspecified XSS

76233 Microsoft Forefront Unified Access Gateway ExcelTables Unspecified XSS

Information Assurance Vulnerability Management (IAVM)

Date Description
2011-10-13 IAVM : 2011-B-0125 - Multiple Vulnerabilities in Microsoft Forefront Unified Access Gateway (UAG)
Severity : Category II - VMSKEY : V0030404

Snort® IPS/IDS

Date Description
2014-04-17 Microsoft Forefront Unified Access Gateway null session cookie denial of service
RuleID : 30209 - Revision : 5 - Type : SERVER-WEBAPP
2014-01-10 Microsoft Windows Forefront UAG NLSessionS cookie overflow attempt
RuleID : 20272 - Revision : 8 - Type : OS-WINDOWS
2018-06-15 Microsoft Client Agent Helper JAR file download request
RuleID : 20260-community - Revision : 19 - Type : FILE-IDENTIFY
2014-01-10 Microsoft Client Agent Helper JAR file download request
RuleID : 20260 - Revision : 19 - Type : FILE-IDENTIFY
2014-01-10 Microsoft Agent Helper Malicious JAR download attempt
RuleID : 20259 - Revision : 16 - Type : FILE-OTHER
2014-01-10 Microsoft generic javascript handler in URI XSS attempt
RuleID : 20258 - Revision : 12 - Type : OS-WINDOWS
2014-01-10 Microsoft ForeFront UAG ExcelTable.asp XSS attempt
RuleID : 20257 - Revision : 8 - Type : OS-WINDOWS
2014-01-10 Microsoft Forefront UAG http response splitting attempt
RuleID : 20256 - Revision : 5 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date Description
2011-10-11 Name : A web application on the remote Windows host has multiple vulnerabilities.
File : smb_nt_ms11-079.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
Date Informations
2014-04-17 21:22:05
  • Multiple Updates
2014-02-17 11:47:07
  • Multiple Updates
2014-01-19 21:30:44
  • Multiple Updates
2013-11-11 12:41:25
  • Multiple Updates
2013-05-11 00:49:53
  • Multiple Updates