cvelistv5 - CVE-2012-0147

CVE-2012-0147 (GCVE-0-2012-0147)

Vulnerability from cvelistv5

Published

2012-04-10 21:00

Modified

2024-08-06 18:16

Severity ?

CWE

Summary

References

URL

Tags

secure@microsoft.com	http://osvdb.org/81132
secure@microsoft.com	http://secunia.com/advisories/48787
secure@microsoft.com	http://www.securityfocus.com/bid/52909
secure@microsoft.com	http://www.securitytracker.com/id?1026909
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA12-101A.html	US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-026
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/74368
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15557
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/81132
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48787
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52909
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1026909
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA12-101A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-026
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/74368
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15557

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:16:18.967Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA12-101A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA12-101A.html"
          },
          {
            "name": "1026909",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026909"
          },
          {
            "name": "MS12-026",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-026"
          },
          {
            "name": "oval:org.mitre.oval:def:15557",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15557"
          },
          {
            "name": "52909",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52909"
          },
          {
            "name": "48787",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48787"
          },
          {
            "name": "ms-forefront-uag-info-disclosure(74368)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74368"
          },
          {
            "name": "81132",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/81132"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka \"Unfiltered Access to UAG Default Website Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "TA12-101A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA12-101A.html"
        },
        {
          "name": "1026909",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026909"
        },
        {
          "name": "MS12-026",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-026"
        },
        {
          "name": "oval:org.mitre.oval:def:15557",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15557"
        },
        {
          "name": "52909",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52909"
        },
        {
          "name": "48787",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48787"
        },
        {
          "name": "ms-forefront-uag-info-disclosure(74368)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74368"
        },
        {
          "name": "81132",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/81132"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2012-0147",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka \"Unfiltered Access to UAG Default Website Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA12-101A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA12-101A.html"
            },
            {
              "name": "1026909",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026909"
            },
            {
              "name": "MS12-026",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-026"
            },
            {
              "name": "oval:org.mitre.oval:def:15557",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15557"
            },
            {
              "name": "52909",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52909"
            },
            {
              "name": "48787",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48787"
            },
            {
              "name": "ms-forefront-uag-info-disclosure(74368)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74368"
            },
            {
              "name": "81132",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/81132"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2012-0147",
    "datePublished": "2012-04-10T21:00:00",
    "dateReserved": "2011-12-13T00:00:00",
    "dateUpdated": "2024-08-06T18:16:18.967Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-0147\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2012-04-10T21:55:01.500\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka \\\"Unfiltered Access to UAG Default Website Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 y SP1 Update 1 no configura de forma adecuada el sitio Web por defecto, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de peticiones HTTPS manipuladas, tambi\u00e9n conocida como \\\"Unfiltered Access to UAG Default Website Vulnerability.\\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-16\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"96448A86-3D9B-488C-A95C-4CCAE1FE177D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:sp1_update1:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEC0CBA4-1D31-4631-8E2E-F462F02C747A\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/81132\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/48787\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/52909\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1026909\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA12-101A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-026\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/74368\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15557\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://osvdb.org/81132\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/48787\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/52909\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1026909\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA12-101A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-026\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/74368\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15557\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2012-0147

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2012-0147

Aliases

CVE-2012-0147

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-0147",
    "description": "Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka \"Unfiltered Access to UAG Default Website Vulnerability.\"",
    "id": "GSD-2012-0147"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-0147"
      ],
      "details": "Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka \"Unfiltered Access to UAG Default Website Vulnerability.\"",
      "id": "GSD-2012-0147",
      "modified": "2023-12-13T01:20:13.450777Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2012-0147",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka \"Unfiltered Access to UAG Default Website Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "TA12-101A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA12-101A.html"
          },
          {
            "name": "1026909",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1026909"
          },
          {
            "name": "MS12-026",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-026"
          },
          {
            "name": "oval:org.mitre.oval:def:15557",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15557"
          },
          {
            "name": "52909",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/52909"
          },
          {
            "name": "48787",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/48787"
          },
          {
            "name": "ms-forefront-uag-info-disclosure(74368)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74368"
          },
          {
            "name": "81132",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/81132"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:sp1_update1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2012-0147"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka \"Unfiltered Access to UAG Default Website Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-16"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1026909",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1026909"
            },
            {
              "name": "52909",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/52909"
            },
            {
              "name": "48787",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/48787"
            },
            {
              "name": "81132",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/81132"
            },
            {
              "name": "TA12-101A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA12-101A.html"
            },
            {
              "name": "ms-forefront-uag-info-disclosure(74368)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74368"
            },
            {
              "name": "oval:org.mitre.oval:def:15557",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15557"
            },
            {
              "name": "MS12-026",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-026"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-12T22:02Z",
      "publishedDate": "2012-04-10T21:55Z"
    }
  }
}

fkie_cve-2012-0147

Vulnerability from fkie_nvd

Published

2012-04-10 21:55

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://osvdb.org/81132
secure@microsoft.com	http://secunia.com/advisories/48787
secure@microsoft.com	http://www.securityfocus.com/bid/52909
secure@microsoft.com	http://www.securitytracker.com/id?1026909
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA12-101A.html	US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-026
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/74368
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15557
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/81132
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48787
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52909
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1026909
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA12-101A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-026
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/74368
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15557

Impacted products

	Vendor	Product	Version
	microsoft	forefront_unified_access_gateway	2010
	microsoft	forefront_unified_access_gateway	2010

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "96448A86-3D9B-488C-A95C-4CCAE1FE177D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:sp1_update1:*:*:*:*:*:*",
              "matchCriteriaId": "DEC0CBA4-1D31-4631-8E2E-F462F02C747A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka \"Unfiltered Access to UAG Default Website Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 y SP1 Update 1 no configura de forma adecuada el sitio Web por defecto, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de peticiones HTTPS manipuladas, tambi\u00e9n conocida como \"Unfiltered Access to UAG Default Website Vulnerability.\""
    }
  ],
  "id": "CVE-2012-0147",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-04-10T21:55:01.500",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://osvdb.org/81132"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/48787"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/52909"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1026909"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-101A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-026"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74368"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15557"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/81132"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48787"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52909"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026909"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-101A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74368"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15557"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-16"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability.". Microsoft Forefront Unified Access Gateway is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information that may aid in further attacks. The solution mainly provides application intelligence technology and fine-grained access control functions. ----------------------------------------------------------------------

Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch

TITLE: Microsoft Forefront Unified Access Gateway Two Vulnerabilities

SECUNIA ADVISORY ID: SA48787

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48787/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48787

RELEASE DATE: 2012-04-10

DISCUSS ADVISORY: http://secunia.com/advisories/48787/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/48787/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=48787

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: A weakness and a vulnerability have been reported in Microsoft Forefront Unified Access Gateway, which can be exploited by malicious people to conduct spoofing attacks and disclose certain sensitive information.

1) A weakness in UAG allows redirecting users to an untrusted site e.g. spoofing a legitimate UAG Web interface.

2) An error within the default website configuration allows access to certain content from the external network.

SOLUTION: Apply patches.

Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: MS12-026 (KB2663860, KB2649261, KB2649262): http://technet.microsoft.com/en-us/security/bulletin/ms12-026

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

                National Cyber Awareness System

          Technical Cyber Security Alert TA12-101A

Microsoft Updates for Multiple Vulnerabilities

Original release date: April 10, 2012 Last revised: -- Source: US-CERT

Systems Affected

 * Microsoft Windows
 * Microsoft Internet Explorer
 * Microsoft .NET Framework
 * Microsoft Office
 * Microsoft Server Software
 * Microsoft SQL Server
 * Microsoft Developer Tools
 * Microsoft Forefront United Access Gateway

Overview

There are multiple vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft .NET Framework, Microsoft Office, Microsoft Server Software, Microsoft SQL Server, Microsoft Developer Tools, and Microsoft Forefront United Access Gateway. Microsoft has released updates to address these vulnerabilities.

Description

The Microsoft Security Bulletin Summary for April 2012 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address the vulnerabilities.

Impact

A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for April 2012, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.

References

Microsoft Security Bulletin Summary for April 2012 - http://technet.microsoft.com/en-us/security/bulletin/ms12-apr
Microsoft Windows Server Update Services - http://technet.microsoft.com/en-us/wsus/default.aspx
Microsoft Update - https://www.update.microsoft.com/
Microsoft Update Overview - http://www.microsoft.com/security/updates/mu.aspx
Turn Automatic Updating On or Off - http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off

Revision History

April 10, 2012: Initial release

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA12-101A Feedback VU#507275" in the subject.

Produced by US-CERT, a government organization.

This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify

This document can also be found at http://www.us-cert.gov/cas/techalerts/TA12-101A.html

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBT4R9vT/GkGVXE7GMAQJ9Kwf+KD4RrpgeT6CAAgILeIFesdYAGWvVBkS2 2HvmfVPJzwddWuPq66BHM+gfHHSIQ7l2zySp7U/pmAzAJ4xmsxg0Jog+R4IfOcDG qRUprowI1Uf6hdSZbsQz2Z3KJgcs3DrT7WxgTmbFVk7ezlkFUO1dn+hcAlmWSRzU nKjZBFOswTQqhrOIHit8BxKewt5vD4qwx37Rm2d8QrVaqohf40ih15ArK+VonU4b MB29KEtcNDKoaCRVBiKj1rgiGuLCVhYoz7aPq3ey4zTnFtqkU4zZR4hv+FaUJ4kO 2UCQzfsnMp3JDY+K68E+AchH0PtYOi2T5Dp3gtqdleaxr+tWOdShRg== =Iv8O -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201204-0149",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "forefront unified access gateway",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "2010"
      },
      {
        "model": "forefront unified access gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2010 sp 1"
      },
      {
        "model": "forefront unified access gateway",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "2010 sp 1 update 1"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002029"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-120"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0147"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:forefront_unified_access_gateway",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002029"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft",
    "sources": [
      {
        "db": "BID",
        "id": "52909"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-0147",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2012-0147",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-53428",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2012-0147",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2012-0147",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201204-120",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-53428",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53428"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002029"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-120"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0147"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka \"Unfiltered Access to UAG Default Website Vulnerability.\". Microsoft Forefront Unified Access Gateway is prone to a remote information-disclosure vulnerability. \nAttackers can exploit this issue to gain access to sensitive information that may aid in further attacks. The solution mainly provides application intelligence technology and fine-grained access control functions. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nMicrosoft Forefront Unified Access Gateway Two Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA48787\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48787/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48787\n\nRELEASE DATE:\n2012-04-10\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48787/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48787/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48787\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA weakness and a vulnerability have been reported in Microsoft\nForefront Unified Access Gateway, which can be exploited by malicious\npeople to conduct spoofing attacks and disclose certain sensitive\ninformation. \n\n1) A weakness in UAG allows redirecting users to an untrusted site\ne.g. spoofing a legitimate UAG Web interface. \n\n2) An error within the default website configuration allows access to\ncertain content from the external network. \n\nSOLUTION:\nApply patches. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nMS12-026 (KB2663860, KB2649261, KB2649262):\nhttp://technet.microsoft.com/en-us/security/bulletin/ms12-026\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n                    National Cyber Awareness System\n\n              Technical Cyber Security Alert TA12-101A\n\n\nMicrosoft Updates for Multiple Vulnerabilities\n\n   Original release date: April 10, 2012\n   Last revised: --\n   Source: US-CERT\n\n\nSystems Affected\n\n     * Microsoft Windows\n     * Microsoft Internet Explorer\n     * Microsoft .NET Framework\n     * Microsoft Office\n     * Microsoft Server Software\n     * Microsoft SQL Server\n     * Microsoft Developer Tools\n     * Microsoft Forefront United Access Gateway\n\n\nOverview\n\n   There are multiple vulnerabilities in Microsoft Windows, Internet\n   Explorer, Microsoft .NET Framework, Microsoft Office, Microsoft\n   Server Software, Microsoft SQL Server, Microsoft Developer Tools,\n   and Microsoft Forefront United Access Gateway.  Microsoft has\n   released updates to address these vulnerabilities. \n\n\nDescription\n\n   The Microsoft Security Bulletin Summary for April 2012 describes\n   multiple vulnerabilities in Microsoft software. Microsoft has\n   released updates to address the vulnerabilities. \n\n\nImpact\n\n   A remote, unauthenticated attacker could execute arbitrary code,\n   cause a denial of service, or gain unauthorized access to your\n   files or system. \n\n\nSolution\n\n   Apply updates\n\n   Microsoft has provided updates for these vulnerabilities in the\n   Microsoft Security Bulletin Summary for April 2012, which describes\n   any known issues related to the updates. Administrators are\n   encouraged to note these issues and test for any potentially\n   adverse effects. In addition, administrators should consider using\n   an automated update distribution system such as Windows Server\n   Update Services (WSUS). Home users are encouraged to enable\n   automatic updates. \n\n\nReferences\n\n * Microsoft Security Bulletin Summary for April 2012 -\n   \u003chttp://technet.microsoft.com/en-us/security/bulletin/ms12-apr\u003e\n\n * Microsoft Windows Server Update Services -\n   \u003chttp://technet.microsoft.com/en-us/wsus/default.aspx\u003e\n\n * Microsoft Update - \u003chttps://www.update.microsoft.com/\u003e\n\n * Microsoft Update Overview -\n   \u003chttp://www.microsoft.com/security/updates/mu.aspx\u003e\n\n * Turn Automatic Updating On or Off -\n   \u003chttp://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off\u003e\n\n\nRevision History\n\n  April 10, 2012: Initial release\n\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA12-101A Feedback VU#507275\" in\n   the subject. \n ____________________________________________________________________\n\n   Produced by US-CERT, a government organization. \n ____________________________________________________________________\n\nThis product is provided subject to the Notification as indicated here: \nhttp://www.us-cert.gov/legal.html#notify\n\nThis document can also be found at\nhttp://www.us-cert.gov/cas/techalerts/TA12-101A.html\n\nFor instructions on subscribing to or unsubscribing from this \nmailing list, visit http://www.us-cert.gov/cas/signup.html\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBT4R9vT/GkGVXE7GMAQJ9Kwf+KD4RrpgeT6CAAgILeIFesdYAGWvVBkS2\n2HvmfVPJzwddWuPq66BHM+gfHHSIQ7l2zySp7U/pmAzAJ4xmsxg0Jog+R4IfOcDG\nqRUprowI1Uf6hdSZbsQz2Z3KJgcs3DrT7WxgTmbFVk7ezlkFUO1dn+hcAlmWSRzU\nnKjZBFOswTQqhrOIHit8BxKewt5vD4qwx37Rm2d8QrVaqohf40ih15ArK+VonU4b\nMB29KEtcNDKoaCRVBiKj1rgiGuLCVhYoz7aPq3ey4zTnFtqkU4zZR4hv+FaUJ4kO\n2UCQzfsnMp3JDY+K68E+AchH0PtYOi2T5Dp3gtqdleaxr+tWOdShRg==\n=Iv8O\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0147"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002029"
      },
      {
        "db": "BID",
        "id": "52909"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53428"
      },
      {
        "db": "PACKETSTORM",
        "id": "111723"
      },
      {
        "db": "PACKETSTORM",
        "id": "111753"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-0147",
        "trust": 2.8
      },
      {
        "db": "USCERT",
        "id": "TA12-101A",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "48787",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "52909",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1026909",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "81132",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002029",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-120",
        "trust": 0.7
      },
      {
        "db": "MS",
        "id": "MS12-026",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "19327",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-53428",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "111723",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "111753",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53428"
      },
      {
        "db": "BID",
        "id": "52909"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002029"
      },
      {
        "db": "PACKETSTORM",
        "id": "111723"
      },
      {
        "db": "PACKETSTORM",
        "id": "111753"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-120"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0147"
      }
    ]
  },
  "id": "VAR-201204-0149",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53428"
      }
    ],
    "trust": 0.6675675999999999
  },
  "last_update_date": "2024-11-23T19:38:43.916000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MS12-026",
        "trust": 0.8,
        "url": "http://technet.microsoft.com/en-us/security/bulletin/ms12-026"
      },
      {
        "title": "MS12-026",
        "trust": 0.8,
        "url": "http://technet.microsoft.com/ja-jp/security/bulletin/ms12-026"
      },
      {
        "title": "TA12-101A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta12-101a.html"
      },
      {
        "title": "UAG-KB2649262-v4.0.1773.10190-ENU",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42936"
      },
      {
        "title": "UAG-KB2649261-v4.0.1753.10076-ENU",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42935"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002029"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-120"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-16",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53428"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002029"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0147"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.us-cert.gov/cas/techalerts/ta12-101a.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/48787"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/52909"
      },
      {
        "trust": 1.1,
        "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-026"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/81132"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15557"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id?1026909"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74368"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0147"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2012/at120012.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta12-101a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0147"
      },
      {
        "trust": 0.8,
        "url": "http://www.npa.go.jp/cyberpolice/#topics"
      },
      {
        "trust": 0.6,
        "url": "http://technet.microsoft.com/security/bulletin/ms12-026"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/19327"
      },
      {
        "trust": 0.4,
        "url": "http://technet.microsoft.com/en-us/security/bulletin/ms12-026"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48787"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/psi_30_beta_launch"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/48787/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/48787/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html#notify"
      },
      {
        "trust": 0.1,
        "url": "http://windows.microsoft.com/en-us/windows-vista/turn-automatic-updating-on-or-off\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://technet.microsoft.com/en-us/security/bulletin/ms12-apr\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://www.update.microsoft.com/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/security/updates/mu.aspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html"
      },
      {
        "trust": 0.1,
        "url": "http://technet.microsoft.com/en-us/wsus/default.aspx\u003e"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53428"
      },
      {
        "db": "BID",
        "id": "52909"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002029"
      },
      {
        "db": "PACKETSTORM",
        "id": "111723"
      },
      {
        "db": "PACKETSTORM",
        "id": "111753"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-120"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0147"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-53428"
      },
      {
        "db": "BID",
        "id": "52909"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002029"
      },
      {
        "db": "PACKETSTORM",
        "id": "111723"
      },
      {
        "db": "PACKETSTORM",
        "id": "111753"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-120"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0147"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-04-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53428"
      },
      {
        "date": "2012-04-10T00:00:00",
        "db": "BID",
        "id": "52909"
      },
      {
        "date": "2012-04-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-002029"
      },
      {
        "date": "2012-04-11T06:18:00",
        "db": "PACKETSTORM",
        "id": "111723"
      },
      {
        "date": "2012-04-11T15:07:01",
        "db": "PACKETSTORM",
        "id": "111753"
      },
      {
        "date": "2012-04-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201204-120"
      },
      {
        "date": "2012-04-10T21:55:01.500000",
        "db": "NVD",
        "id": "CVE-2012-0147"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53428"
      },
      {
        "date": "2012-04-10T00:00:00",
        "db": "BID",
        "id": "52909"
      },
      {
        "date": "2012-04-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-002029"
      },
      {
        "date": "2012-04-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201204-120"
      },
      {
        "date": "2024-11-21T01:34:28.427000",
        "db": "NVD",
        "id": "CVE-2012-0147"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-120"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft Forefront Unified Access Gateway Vulnerability in which important information is obtained",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002029"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "configuration error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-120"
      }
    ],
    "trust": 0.6
  }
}

CERTA-2012-AVI-205

Vulnerability from certfr_avis

Deux vulnérabilités ont été corrigées dans Microsoft Forefront Unified Access Gateway. En construisant des requêtes avec un émetteur falsifié, il est possible de rediriger les connexions HTTP d'une victime vers un site arbitraire et d'obtenir des informations sensibles d'un utilisateur. La deuxième vulnérabilité permet d'accéder sans authentification au site web par défaut de Microsoft Forefront Unified Access Gateway depuis un réseau externe.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	N/A	Microsoft Forefront Unified Access Gateway 2010 Service Pack 1 Update 1.
	Microsoft	N/A	Microsoft Forefront Unified Access Gateway 2010 Service Pack 1 ;

References

Title

Publication Time

ghsa-5f59-cr5p-9xh9

Vulnerability from github

Published

2022-05-04 00:28

Modified

2022-05-04 00:28

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-0147"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-04-10T21:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka \"Unfiltered Access to UAG Default Website Vulnerability.\"",
  "id": "GHSA-5f59-cr5p-9xh9",
  "modified": "2022-05-04T00:28:25Z",
  "published": "2022-05-04T00:28:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0147"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-026"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74368"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15557"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/81132"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48787"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/52909"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1026909"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-101A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2012-0147 (GCVE-0-2012-0147)

Vulnerability from cvelistv5

gsd-2012-0147

Vulnerability from gsd

fkie_cve-2012-0147

Vulnerability from fkie_nvd

var-201204-0149

Vulnerability from variot

CERTA-2012-AVI-205

Vulnerability from certfr_avis

Solution

ghsa-5f59-cr5p-9xh9

Vulnerability from github

Tags

Sightings

Nomenclature