var-201204-0149
Vulnerability from variot
Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability.". Microsoft Forefront Unified Access Gateway is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information that may aid in further attacks. The solution mainly provides application intelligence technology and fine-grained access control functions. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Microsoft Forefront Unified Access Gateway Two Vulnerabilities
SECUNIA ADVISORY ID: SA48787
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48787/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48787
RELEASE DATE: 2012-04-10
DISCUSS ADVISORY: http://secunia.com/advisories/48787/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48787/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48787
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A weakness and a vulnerability have been reported in Microsoft Forefront Unified Access Gateway, which can be exploited by malicious people to conduct spoofing attacks and disclose certain sensitive information.
1) A weakness in UAG allows redirecting users to an untrusted site e.g. spoofing a legitimate UAG Web interface.
2) An error within the default website configuration allows access to certain content from the external network.
SOLUTION: Apply patches.
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: MS12-026 (KB2663860, KB2649261, KB2649262): http://technet.microsoft.com/en-us/security/bulletin/ms12-026
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Awareness System
Technical Cyber Security Alert TA12-101A
Microsoft Updates for Multiple Vulnerabilities
Original release date: April 10, 2012 Last revised: -- Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Internet Explorer
* Microsoft .NET Framework
* Microsoft Office
* Microsoft Server Software
* Microsoft SQL Server
* Microsoft Developer Tools
* Microsoft Forefront United Access Gateway
Overview
There are multiple vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft .NET Framework, Microsoft Office, Microsoft Server Software, Microsoft SQL Server, Microsoft Developer Tools, and Microsoft Forefront United Access Gateway. Microsoft has released updates to address these vulnerabilities.
Description
The Microsoft Security Bulletin Summary for April 2012 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address the vulnerabilities.
Impact
A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
Solution
Apply updates
Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for April 2012, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.
References
-
Microsoft Security Bulletin Summary for April 2012 - http://technet.microsoft.com/en-us/security/bulletin/ms12-apr
-
Microsoft Windows Server Update Services - http://technet.microsoft.com/en-us/wsus/default.aspx
-
Microsoft Update - https://www.update.microsoft.com/
-
Microsoft Update Overview - http://www.microsoft.com/security/updates/mu.aspx
-
Turn Automatic Updating On or Off - http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off
Revision History
April 10, 2012: Initial release
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA12-101A Feedback VU#507275" in the subject.
Produced by US-CERT, a government organization.
This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify
This document can also be found at http://www.us-cert.gov/cas/techalerts/TA12-101A.html
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBT4R9vT/GkGVXE7GMAQJ9Kwf+KD4RrpgeT6CAAgILeIFesdYAGWvVBkS2 2HvmfVPJzwddWuPq66BHM+gfHHSIQ7l2zySp7U/pmAzAJ4xmsxg0Jog+R4IfOcDG qRUprowI1Uf6hdSZbsQz2Z3KJgcs3DrT7WxgTmbFVk7ezlkFUO1dn+hcAlmWSRzU nKjZBFOswTQqhrOIHit8BxKewt5vD4qwx37Rm2d8QrVaqohf40ih15ArK+VonU4b MB29KEtcNDKoaCRVBiKj1rgiGuLCVhYoz7aPq3ey4zTnFtqkU4zZR4hv+FaUJ4kO 2UCQzfsnMp3JDY+K68E+AchH0PtYOi2T5Dp3gtqdleaxr+tWOdShRg== =Iv8O -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201204-0149",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "forefront unified access gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "2010"
},
{
"model": "forefront unified access gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2010 sp 1"
},
{
"model": "forefront unified access gateway",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2010 sp 1 update 1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002029"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-120"
},
{
"db": "NVD",
"id": "CVE-2012-0147"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:forefront_unified_access_gateway",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002029"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft",
"sources": [
{
"db": "BID",
"id": "52909"
}
],
"trust": 0.3
},
"cve": "CVE-2012-0147",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2012-0147",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-53428",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-0147",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-0147",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201204-120",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-53428",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-53428"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002029"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-120"
},
{
"db": "NVD",
"id": "CVE-2012-0147"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka \"Unfiltered Access to UAG Default Website Vulnerability.\". Microsoft Forefront Unified Access Gateway is prone to a remote information-disclosure vulnerability. \nAttackers can exploit this issue to gain access to sensitive information that may aid in further attacks. The solution mainly provides application intelligence technology and fine-grained access control functions. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nMicrosoft Forefront Unified Access Gateway Two Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA48787\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48787/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48787\n\nRELEASE DATE:\n2012-04-10\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48787/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48787/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48787\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA weakness and a vulnerability have been reported in Microsoft\nForefront Unified Access Gateway, which can be exploited by malicious\npeople to conduct spoofing attacks and disclose certain sensitive\ninformation. \n\n1) A weakness in UAG allows redirecting users to an untrusted site\ne.g. spoofing a legitimate UAG Web interface. \n\n2) An error within the default website configuration allows access to\ncertain content from the external network. \n\nSOLUTION:\nApply patches. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nMS12-026 (KB2663860, KB2649261, KB2649262):\nhttp://technet.microsoft.com/en-us/security/bulletin/ms12-026\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n National Cyber Awareness System\n\n Technical Cyber Security Alert TA12-101A\n\n\nMicrosoft Updates for Multiple Vulnerabilities\n\n Original release date: April 10, 2012\n Last revised: --\n Source: US-CERT\n\n\nSystems Affected\n\n * Microsoft Windows\n * Microsoft Internet Explorer\n * Microsoft .NET Framework\n * Microsoft Office\n * Microsoft Server Software\n * Microsoft SQL Server\n * Microsoft Developer Tools\n * Microsoft Forefront United Access Gateway\n\n\nOverview\n\n There are multiple vulnerabilities in Microsoft Windows, Internet\n Explorer, Microsoft .NET Framework, Microsoft Office, Microsoft\n Server Software, Microsoft SQL Server, Microsoft Developer Tools,\n and Microsoft Forefront United Access Gateway. Microsoft has\n released updates to address these vulnerabilities. \n\n\nDescription\n\n The Microsoft Security Bulletin Summary for April 2012 describes\n multiple vulnerabilities in Microsoft software. Microsoft has\n released updates to address the vulnerabilities. \n\n\nImpact\n\n A remote, unauthenticated attacker could execute arbitrary code,\n cause a denial of service, or gain unauthorized access to your\n files or system. \n\n\nSolution\n\n Apply updates\n\n Microsoft has provided updates for these vulnerabilities in the\n Microsoft Security Bulletin Summary for April 2012, which describes\n any known issues related to the updates. Administrators are\n encouraged to note these issues and test for any potentially\n adverse effects. In addition, administrators should consider using\n an automated update distribution system such as Windows Server\n Update Services (WSUS). Home users are encouraged to enable\n automatic updates. \n\n\nReferences\n\n * Microsoft Security Bulletin Summary for April 2012 -\n \u003chttp://technet.microsoft.com/en-us/security/bulletin/ms12-apr\u003e\n\n * Microsoft Windows Server Update Services -\n \u003chttp://technet.microsoft.com/en-us/wsus/default.aspx\u003e\n\n * Microsoft Update - \u003chttps://www.update.microsoft.com/\u003e\n\n * Microsoft Update Overview -\n \u003chttp://www.microsoft.com/security/updates/mu.aspx\u003e\n\n * Turn Automatic Updating On or Off -\n \u003chttp://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off\u003e\n\n\nRevision History\n\n April 10, 2012: Initial release\n\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA12-101A Feedback VU#507275\" in\n the subject. \n ____________________________________________________________________\n\n Produced by US-CERT, a government organization. \n ____________________________________________________________________\n\nThis product is provided subject to the Notification as indicated here: \nhttp://www.us-cert.gov/legal.html#notify\n\nThis document can also be found at\nhttp://www.us-cert.gov/cas/techalerts/TA12-101A.html\n\nFor instructions on subscribing to or unsubscribing from this \nmailing list, visit http://www.us-cert.gov/cas/signup.html\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBT4R9vT/GkGVXE7GMAQJ9Kwf+KD4RrpgeT6CAAgILeIFesdYAGWvVBkS2\n2HvmfVPJzwddWuPq66BHM+gfHHSIQ7l2zySp7U/pmAzAJ4xmsxg0Jog+R4IfOcDG\nqRUprowI1Uf6hdSZbsQz2Z3KJgcs3DrT7WxgTmbFVk7ezlkFUO1dn+hcAlmWSRzU\nnKjZBFOswTQqhrOIHit8BxKewt5vD4qwx37Rm2d8QrVaqohf40ih15ArK+VonU4b\nMB29KEtcNDKoaCRVBiKj1rgiGuLCVhYoz7aPq3ey4zTnFtqkU4zZR4hv+FaUJ4kO\n2UCQzfsnMp3JDY+K68E+AchH0PtYOi2T5Dp3gtqdleaxr+tWOdShRg==\n=Iv8O\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-0147"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002029"
},
{
"db": "BID",
"id": "52909"
},
{
"db": "VULHUB",
"id": "VHN-53428"
},
{
"db": "PACKETSTORM",
"id": "111723"
},
{
"db": "PACKETSTORM",
"id": "111753"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-0147",
"trust": 2.8
},
{
"db": "USCERT",
"id": "TA12-101A",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "48787",
"trust": 1.8
},
{
"db": "BID",
"id": "52909",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1026909",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "81132",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002029",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201204-120",
"trust": 0.7
},
{
"db": "MS",
"id": "MS12-026",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "19327",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-53428",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111723",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111753",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-53428"
},
{
"db": "BID",
"id": "52909"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002029"
},
{
"db": "PACKETSTORM",
"id": "111723"
},
{
"db": "PACKETSTORM",
"id": "111753"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-120"
},
{
"db": "NVD",
"id": "CVE-2012-0147"
}
]
},
"id": "VAR-201204-0149",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-53428"
}
],
"trust": 0.6675675999999999
},
"last_update_date": "2024-11-23T19:38:43.916000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MS12-026",
"trust": 0.8,
"url": "http://technet.microsoft.com/en-us/security/bulletin/ms12-026"
},
{
"title": "MS12-026",
"trust": 0.8,
"url": "http://technet.microsoft.com/ja-jp/security/bulletin/ms12-026"
},
{
"title": "TA12-101A",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta12-101a.html"
},
{
"title": "UAG-KB2649262-v4.0.1773.10190-ENU",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42936"
},
{
"title": "UAG-KB2649261-v4.0.1753.10076-ENU",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42935"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002029"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-120"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-16",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-53428"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002029"
},
{
"db": "NVD",
"id": "CVE-2012-0147"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.us-cert.gov/cas/techalerts/ta12-101a.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/48787"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/52909"
},
{
"trust": 1.1,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-026"
},
{
"trust": 1.1,
"url": "http://osvdb.org/81132"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15557"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id?1026909"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74368"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0147"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2012/at120012.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta12-101a"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0147"
},
{
"trust": 0.8,
"url": "http://www.npa.go.jp/cyberpolice/#topics"
},
{
"trust": 0.6,
"url": "http://technet.microsoft.com/security/bulletin/ms12-026"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19327"
},
{
"trust": 0.4,
"url": "http://technet.microsoft.com/en-us/security/bulletin/ms12-026"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48787"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48787/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48787/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html#notify"
},
{
"trust": 0.1,
"url": "http://windows.microsoft.com/en-us/windows-vista/turn-automatic-updating-on-or-off\u003e"
},
{
"trust": 0.1,
"url": "http://technet.microsoft.com/en-us/security/bulletin/ms12-apr\u003e"
},
{
"trust": 0.1,
"url": "https://www.update.microsoft.com/\u003e"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/security/updates/mu.aspx\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html"
},
{
"trust": 0.1,
"url": "http://technet.microsoft.com/en-us/wsus/default.aspx\u003e"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-53428"
},
{
"db": "BID",
"id": "52909"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002029"
},
{
"db": "PACKETSTORM",
"id": "111723"
},
{
"db": "PACKETSTORM",
"id": "111753"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-120"
},
{
"db": "NVD",
"id": "CVE-2012-0147"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-53428"
},
{
"db": "BID",
"id": "52909"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-002029"
},
{
"db": "PACKETSTORM",
"id": "111723"
},
{
"db": "PACKETSTORM",
"id": "111753"
},
{
"db": "CNNVD",
"id": "CNNVD-201204-120"
},
{
"db": "NVD",
"id": "CVE-2012-0147"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-04-10T00:00:00",
"db": "VULHUB",
"id": "VHN-53428"
},
{
"date": "2012-04-10T00:00:00",
"db": "BID",
"id": "52909"
},
{
"date": "2012-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002029"
},
{
"date": "2012-04-11T06:18:00",
"db": "PACKETSTORM",
"id": "111723"
},
{
"date": "2012-04-11T15:07:01",
"db": "PACKETSTORM",
"id": "111753"
},
{
"date": "2012-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201204-120"
},
{
"date": "2012-04-10T21:55:01.500000",
"db": "NVD",
"id": "CVE-2012-0147"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "VULHUB",
"id": "VHN-53428"
},
{
"date": "2012-04-10T00:00:00",
"db": "BID",
"id": "52909"
},
{
"date": "2012-04-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-002029"
},
{
"date": "2012-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201204-120"
},
{
"date": "2024-11-21T01:34:28.427000",
"db": "NVD",
"id": "CVE-2012-0147"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201204-120"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Forefront Unified Access Gateway Vulnerability in which important information is obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-002029"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "configuration error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201204-120"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.