Intrusion Prevention

MS.Forefront.UAG.XSS

Description

This indicates a possible attack against a cross-site-scripting vulnerability in Microsoft Unified Access Gateway.
This vulnerability is due to an error when the vulnerable software handles a crafted HTTP request. An attacker can exploit this by enticing a user to follow a malicious web link to send a crafted HTTP request to UAG server.

Affected Products

Forefront Unified Access Gateway 2010
Forefront Unified Access Gateway 2010 Update 1
Forefront Unified Access Gateway 2010 Update 2

Impact

Cross Site Scripting

Recommended Actions

Apply the patch supplied by the vendor:
http://www.microsoft.com/technet/security/Bulletin/ms10-089.mspx

CVE References

CVE-2010-2733