CVE-2012-0146

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2012-0146 to a friend

New vulnerability?
New tool?
Tell us

Credit:

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2012-0146

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1

A spoofing vulnerability exists in Forefront Unified Access Gateway (UAG) that could lead to information disclosure. The vulnerability could allow spoofing by redirecting web traffic intended for the UAG server to a malicious website. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL to a user of a UAG server, and convince the user to click the link. When an authenticated UAG user clicks the link, the authenticated user's browser session could be redirected to a malicious site that is designed to impersonate a legitimate UAG web interface. By doing so, the attacker could trick the user and potentially acquire sensitive information, such as the user's credentials

Vendor Status:
Microsoft had issued an update for this vulnerability

Patch Availability:
http://technet.microsoft.com/en-us/security/bulletin/ms12-026

CVE Information:
CVE-2012-0146

Disclosure Timeline:
Published: Tuesday, April 10, 2012

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus