Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2010-2732 | First vendor Publication | 2010-11-09 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5.8 | Attack Range | Network |
| Cvss Impact Score | 4.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability." |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2732 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:12257 | |||
| Oval ID: | oval:org.mitre.oval:def:12257 | ||
| Title: | UAG Redirection Spoofing Vulnerability | ||
| Description: | Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2732 | Version: | 3 |
| Platform(s): | Microsoft Windows Server 2008 | Product(s): | Forefront Unified Access Gateway 2010 |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 69092 | Microsoft Forefront Unified Access Gateway (UAG) Redirection Spoofing Weakness Microsoft Forefront Unified Access Gateway contains a flaw that allows spoofing or redirecting of traffic. This allows remote attackers to redirect targets to arbitrary sites, where the attacker may potentially acquire sensitive information, such as the user's credentials. |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2010-11-10 | IAVM : 2010-A-0159 - Multiple Vulnerabilities in Microsoft Forefront Unified Access Gateway (UAG) Severity : Category II - VMSKEY : V0025710 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Forefront UAG URL XSS alternate attempt RuleID : 18076 - Revision : 11 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows Forefront UAG URL XSS attempt RuleID : 18074 - Revision : 8 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Forefront UAG arbitrary embedded scripting attempt RuleID : 18073 - Revision : 10 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Forefront UAG external redirect attempt RuleID : 18072 - Revision : 9 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-11-09 | Name : An application on the remote host has multiple vulnerabilities File : smb_nt_ms10-089.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:06:58 |
|
| 2024-11-28 12:22:26 |
|
| 2021-05-04 12:11:51 |
|
| 2021-04-22 01:12:24 |
|
| 2020-05-23 00:26:08 |
|
| 2018-10-13 00:22:58 |
|
| 2017-09-19 09:23:51 |
|
| 2016-04-26 19:58:11 |
|
| 2014-02-17 10:56:28 |
|
| 2014-01-19 21:26:58 |
|
| 2013-11-11 12:38:50 |
|
| 2013-05-10 23:29:04 |
|
