Vulnerability Description
CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Forefront Unified Access Gateway | 2010 |
Related Weaknesses (CWE)
References
- http://osvdb.org/76235
- http://www.securityfocus.com/bid/49979
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-07
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://osvdb.org/76235
- http://www.securityfocus.com/bid/49979
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-07
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2011-1895?
CVE-2011-1895 is a vulnerability with a CVSS score of 4.3 (MEDIUM). CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP respo...
How severe is CVE-2011-1895?
CVE-2011-1895 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1895?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Forefront Unified Access Gateway.