Web Application Configuration Flaw in Microsoft Forefront Unified Access Gateway
CVE-2012-0147

Currently unrated

Key Information:

Vendor: Microsoft
Status: Forefront Unified Access Gateway
Vendor: CVE Published:; 10 April 2012

Summary

The vulnerability within Microsoft Forefront Unified Access Gateway arises from improper configuration of the default web site, enabling remote attackers to exploit this flaw through specially crafted HTTPS requests. This may lead to the exposure of sensitive information without proper authentication, thus compromising the integrity of the application and the data it manages.

References

http://www.us-cert.gov/cas/techalerts/TA12-101A.html

third-party-advisoryx_refsource_CERT

http://www.securitytracker.com/id?1026909

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

36% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 10, 2012
Vulnerability Reserved
Dec 13, 2011