Severity: : Medium
  CVE Kennungen: : CVE-2011-1897,MS11-079
  Advisory Date: 21 de июля de 2015

  DESCRIPTION

Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."

  INFORMATION EXPOSURE

Please apply DPI Rule 'Generic Cross Site Scripting(XSS) Prevention' and add the port of Microsoft Forefront Unified Access Gateway (UAG) server (Default 50002/TCP) in the Application Type 'Web Application Common' .

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1000552
  Trend Micro Deep Security DPI Rule Name: 1000552 - Generic Cross Site Scripting(XSS) Prevention

  AFFECTED SOFTWARE AND VERSION:

  • microsoft forefront_unified_access_gateway 2010