Follow:

Policy:Win/Forefront.UAG.Spoofing!CVE-2010-2732

Severity rating
Important

Class/Type
Policy

Discovered date
2010-11-09T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
No

Signature detection
Medium



On this page




Description

A spoofing vulnerability exists in Forefront Unified Access Gateway (UAG). The vulnerability could allow non-privileged users to send specially crafted URLs to UAG users, thereby spoofing or redirecting traffic intended for the UAG server.



Impact

The attacker can redirect the authenticated UAG user to a malicious Web page and trick them into entering username, password, or other private information.



Technical details (analysis)

The vulnerability is caused by the application failing to validate and confirm redirection to an external Web site. An attacker can direct an UAG user to a local UAG URL through e-mail, IM, or other means. The URL will redirect the user's browser session to an arbitrary site that will host the second stage of the attack.



Affected software

Forefront Unified Access Gateway 2010
Forefront Unified Access Gateway 2010 Update 1
Forefront Unified Access Gateway 2010 Update 2



Non-affected software

All applications not on the affected list.



References




Solutions




NIS signature

Name: Policy:Win/Forefront.UAG.Spoofing!CVE-2010-2732
Release Date: 2010-11-09T00:00:00



Known false positives

This signature can cause false positives if you are not running any of the affected software versions or if you've already applied the patch.



Work-arounds

No known work-arounds at this time.