MS10-089: Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074)

NASLDB: MS10-089: Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074)

General

ID: 50530
Name: MS10-089: Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074)

Summary: Checks version of WhlFilter.dll

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Port: 139
Family: Windows : Microsoft Bulletins
Type: Local

Description

The version of Forefront Unified Access Gateway (UAG) running on the
remote host has multiple vulnerabilities :

– An unspecified redirection spoofing vulnerability, which
could result in users being redirected from the UAG server
to a similar looking, malicious server. (CVE-2010-2732)

– An unspecified non-persistent XSS in UAG.
(CVE-2010-2733)

– An unspecified non-persistent XSS in the UAG Mobile
Portal Website. (CVE-2010-2734)

– An unspecified non-persistent XSS in Signurl.asp.
(CVE-2010-3936)

Exploiting

Exploit Available: True
Exploitability Ease: Exploits are available

Sources

CVE: CVE-2010-2732
OSVDB: –
Bugtraq: 44631
scipID: –

Timeline

Vulnerability Disclosure: 2010/11/09
Patch Release: 2010/11/09
Plugin Release: 2010/11/09

Plugin

Version: 1.12
Filename: smb_nt_ms10-089.nasl
Filesize: 4327 bytes
MD5 Hash: 32703347bef309402f1ec93b17480e4b

Identification: Host/patch_management_checks
Require Keys: SMB/MS_Bulletin_Checks/Possible
Dependencies: "forefront_uag_installed.nasl", "ms_bulletin_checks_possible.nasl"