Microsoft Forefront Unified Access Gateway URI Open Redirection Vulnerability
BID:52903
Info
| Bugtraq ID: | 52903 |
| Class: | Design Error |
| CVE: | CVE-2012-0146 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 10 2012 12:00AM |
| Updated: | Apr 10 2012 12:00AM |
| Credit: | Microsoft |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Microsoft Forefront Unified Access Gateway is prone to a URI open-redirection vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to spoof a UAG server or redirect legitimate network traffic intended for a UAG server. This may allow the attacker to masquerade as a legitimate server, aiding in further attacks.
Exploit / POC
To exploit this issue, an attacker must entice an unsuspecting user to follow a crafted URI.
Solution / Fix
Solution:
Vendor updates are available. Please see the references for details.
References
References:
- Microsoft Homepage (Microsoft)
- Microsoft Security Bulletin MS12-026 - Important (Microsoft)