CVE-2011-1895

Microsoft Forefront UAG 2010 - CRLF Injection

Description

CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/49979
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/76235
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13064

Scores

EPSS 0.1114
EPSS Percentile 95.4%

Details

CWE
CWE-94
Status published
Products (1)
microsoft/forefront_unified_access_gateway 2010 (4 CPE variants)
Published Oct 12, 2011
Tracked Since Feb 18, 2026