Gravité: : Medium
  Identifiant(s) CVE: : CVE-2011-1897,MS11-079
  Date du conseil: 21 juillet 2015

  Description

Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."

  Information Exposure Rating:

Please apply DPI Rule 'Generic Cross Site Scripting(XSS) Prevention' and add the port of Microsoft Forefront Unified Access Gateway (UAG) server (Default 50002/TCP) in the Application Type 'Web Application Common' .

  Solutions

  Trend Micro Deep Security DPI Rule Number: 1000552
  Trend Micro Deep Security DPI Rule Name: 1000552 - Generic Cross Site Scripting(XSS) Prevention

  Affected software and version:

  • microsoft forefront_unified_access_gateway 2010