
Microsoft Forefront Unified Access Gateway Multiple Vulnerabilities

Last Update Date: 12 Oct 2011 11:53

Release Date: 12 Oct 2011

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

  1. ExcelTable Response Splitting XSS Vulnerability
    An HTTP response splitting vulnerability exists in the Microsoft Forefront Unified Access Gateway (UAG) server. JavaScript can be injected into the page returned to the user, allowing attacker-controlled JavaScript to run in the context of the user who clicks the link.
  2. ExcelTable Reflected XSS Vulnerability
    An XSS vulnerability exists in the Microsoft Forefront Unified Access Gateway (UAG) server. JavaScript can be injected into the page returned to the user, allowing attacker-controlled JavaScript to run in the context of the user who clicks the link.
  3. Default Reflected XSS Vulnerability
    An XSS vulnerability exists in the Microsoft Forefront Unified Access Gateway (UAG) server. JavaScript can be injected into the page returned to the user, allowing attacker-controlled JavaScript to run in the context of the user who clicks the link.
  4. Poisoned Cup of Code Execution Vulnerability
    Microsoft Forefront Unified Access Gateway (UAG) uses a signed Java applet that malicious websites can leverage to cause remote code execution in any Java-enabled web browser.
  5. Null Session Cookie Crash
    A denial of service vulnerability exists in implementations of Microsoft Forefront Unified Access Gateway (UAG). An attacker could leverage the vulnerability to stop the IIS worker process and deny access to web services on the affected system.

Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Forefront Unified Access Gateway 2010

Solutions

Before installing the software, please visit the software manufacturer's website for more details.


Vulnerability Identifier


Source


Related Link