Preemptive Protection against Microsoft Forefront UAG ExcelTable Reflected XSS Information Disclosure (MS11-079; CVE-2011-1896)
| Check Point Reference: | CPAI-2011-472 | |
| Date Published: | ||
| Preemptive Since: | ||
| Severity: | ||
| Source: | Microsoft Security Bulletin MS11-079 | |
| Industry Reference(s): | CVE-2011-1896 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Microsoft Forefront Unified Access Gateway 2010 Microsoft Forefront Unified Access Gateway 2010 Service Pack 1 Microsoft Forefront Unified Access Gateway 2010 Update 1 Microsoft Forefront Unified Access Gateway 2010 Update 2 | ||
| Vulnerability Description An information disclosure vulnerability has been reported in Microsoft Forefront Unified Access Gateway (UAG) server. |
||
|
Update/Patch Available Apply patches from: MS11-079 |
|
|
Vulnerability Details The vulnerability is due to a defect in Forefront Unified Access Gateway (UAG) that allows content to be reflected back to the user. A remote attacker may exploit this vulnerability by enticing a target UAG user to click on a link containing a malicious script. Successful exploitation may result in potentially sensitive information being disclosed to an unprivileged user. |
Protection Overview
This protection will detect and block attempts to exploit this vulnerability.
No update is required to address this vulnerability.
Users are protected against this vulnerability if the Cross-Site Scripting protection found in the Protection section of CPSA-2005-03 has been applied.
To configure the defense, select your product from the list below and follow the related protection steps.