CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:27
Type | Values Removed | Values Added |
---|---|---|
References | () http://osvdb.org/76235 - | |
References | () http://www.securityfocus.com/bid/49979 - | |
References | () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-079 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13064 - |
Information
Published : 2011-10-12 02:52
Updated : 2024-11-21 01:27
NVD link : CVE-2011-1895
Mitre link : CVE-2011-1895
CVE.ORG link : CVE-2011-1895
JSON object : View
Products Affected
microsoft
- forefront_unified_access_gateway
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')