Description
CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/49979
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-079
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/76235
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13064
Scores
EPSS
0.1114
EPSS Percentile
95.4%
Details
CWE
CWE-94
Status
published
Products (1)
microsoft/forefront_unified_access_gateway
2010 (4 CPE variants)
Published
Oct 12, 2011
Tracked Since
Feb 18, 2026