MS.Forefront.UAG.Signurl.XSS
Description
This indicates an attack attempt against a cross-site-scripting vulnerability in Microsoft's Forefront Unified Access Gateway (UAG) server.
The vulnerability is a result of the application's failure to properly sanitize user input. As a result, Javascript encoded in a malicious URL can be executed in the context of the user that visited the site. It may result in information disclosure.
Affected Products
Forefront Unified Access Gateway 2010
Forefront Unified Access Gateway 2010 Update 1
Forefront Unified Access Gateway 2010 Update 2
Impact
Information disclosure
Recommended Actions
Apply the patch, available from the vendor's website:
http://www.microsoft.com/technet/security/Bulletin/MS10-089.mspx
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |