|
|
|||
| Rule General Information |
|---|
| Release Date: | 2016-01-11 | |
| Rule Name: | Microsoft Forefront UAG Default Reflected Cross-site Scripting Vulnerability (CVE-2011-1897) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability." | |
| Impact: | An attacker can conduct a cross-site scripting attack to inject malicious client-side scripts into web pages viewed by other users, or to bypass access controls such as the same-origin policy, if affected version is installed. | |
| Affected OS: | Windows | |
| Reference: | http://technet.microsoft.com/en-us/security/bulletin/MS11-079 |
|
| Solutions |
|---|
| Microsoft has released a patch MS11-079 to eliminate the vulnerability. The patch can be downloaded at http://technet.microsoft.com/en-us/security/bulletin/MS11-079 |