CVE-2011-2012

CWE-20 — Improper Input Validation CWE-407 CWE-662 CWE-362 — Race Condition CWE-672 CWE-119 — Buffer Overflow46 documents9 sources

Severity

5.0MEDIUM

EPSS

18.2%

top 4.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Forefront Unified Access Gateway

Timeline

PublishedOct 12

Latest updateMay 17

Description

Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/forefront_unified_access_gateway2010

🔴Vulnerability Details

GHSA

OpenStack Compute (Nova) Improper Input Validation↗2022-05-17

▶

GHSA

GHSA-9q92-w4h6-42xf: Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remot↗2022-05-14

▶

CVEList

CVE-2011-2012: Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remot↗2011-10-12

▶

💥Exploits & PoCs

Exploit-DB

HP Data Protector Client - EXEC_CMD Remote Code Execution↗2012-06-19

▶

Exploit-DB

Sony VAIO Wireless Manager 4.0.0.0 - Buffer Overflow↗2012-05-31

▶

Exploit-DB

XOOPS 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities↗2012-04-19

▶

Exploit-DB

Microsoft Terminal Services - Use-After-Free (MS12-020)↗2012-03-16

▶

Exploit-DB

appRain CMF 0.1.5 - 'Uploadify.php' Unrestricted Arbitrary File Upload↗2012-01-19

▶

📋Vendor Advisories

Red Hat

xml: xerces-c hash table collisions CPU usage DoS (oCERT-2011-003)↗2014-07-08

▶

Red Hat

Webkitgtk: google chrome update [30-April-2012]↗2012-05-01

▶

Red Hat

Webkitgtk: google chrome update [28-March-2012]↗2012-03-28

▶

Red Hat

Mozilla: child nodes from nsDOMAttribute still accessible after removal of nodes (MFSA 2012-04)↗2012-01-31

▶

Drupal

Hash DOS attack prevention with Suhosin needs a .htaccess edit - PSA-2012-001↗2012-01-11

▶

💬Community

Bugzilla

ruby: safe level bypass via name_err_mesg_to_str()↗2012-10-03

▶

Bugzilla

CVE-2011-4953 cobbler: Privilege escalation by processing of crafted management parameters↗2012-04-12

▶

Bugzilla

CVE-2011-4370 CVE-2011-4371 CVE-2011-4372 CVE-2011-4373 CVE-2012-0774 CVE-2012-0775 CVE-2012-0777 acroread: multiple unspecified flaws (APSB12-08, APSB12-01)↗2012-04-05

▶

Bugzilla

CVE-2011-3960 libvorbis: Stack-buffer overflow in render_line↗2012-02-09

▶

Bugzilla

CVE-2012-0830 php: remote code exec flaw introduced in the CVE-2011-4885 hashdos fix [fedora-all]↗2012-02-02

▶