ID CVE-2012-0147
Summary Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:sp1_update1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:sp1_update1:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 12-10-2018 - 22:02)
Impact:
Exploitability:
CWE CWE-16
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
msbulletin via4
bulletin_id MS12-026
bulletin_url
date 2012-04-12T00:00:00
impact Information Disclosure
knowledgebase_id 2663860
knowledgebase_url
severity Important
title Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure
oval via4
accepted 2012-05-28T04:01:14.278-04:00
class vulnerability
contributors
name Josh Turpin
organization Symantec Corporation
definition_extensions
  • comment Microsoft Forefront Unified Access Gateway 2010 Service Pack 1
    oval oval:org.mitre.oval:def:12917
  • comment Microsoft Forefront Unified Access Gateway 2010 Service Pack 1 Update 1
    oval oval:org.mitre.oval:def:15597
description Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."
family windows
id oval:org.mitre.oval:def:15557
status accepted
submitted 2012-04-10T13:00:00
title Unfiltered Access to UAG Default Website Vulnerability
version 27
refmap via4
bid 52909
cert TA12-101A
osvdb 81132
sectrack 1026909
secunia 48787
xf ms-forefront-uag-info-disclosure(74368)
Last major update 12-10-2018 - 22:02
Published 10-04-2012 - 21:55
Last modified 12-10-2018 - 22:02
Back to Top