Details of VAR-201011-0261

ID

VAR-201011-0261

CVE

CVE-2010-3936

TITLE

Microsoft Forefront Unified Access Gateway 'Signurl.asp' Cross-Site Scripting Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2010-2766 // BID: 44634

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability.". This is a non-persistent cross-site scripting vulnerability that allows an attacker to send commands to a UAG server in the target user context. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks. The solution mainly provides application intelligence technology and fine-grained access control functions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA10-313A Microsoft Updates for Multiple Vulnerabilities Original release date: November 09, 2010 Last revised: -- Source: US-CERT Systems Affected * Microsoft Forefront United Access Gateway * Microsoft Office Overview There are multiple vulnerabilities in Microsoft Office, and Microsoft Forefront United Access Gateway. Microsoft has released updates to address these vulnerabilities. I. Microsoft has released updates to address the vulnerabilities. II. III. Solution Apply updates Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for November 2010. That bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). IV. References * Microsoft Security Bulletin Summary for November 2010 - <http://www.microsoft.com/technet/security/bulletin/ms10-nov.mspx> * Microsoft Windows Server Update Services - <http://technet.microsoft.com/en-us/wsus/default.aspx> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA10-313A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA10-313A Feedback VU#885756" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2010 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History November 09, 2010: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTNnAcT6pPKYJORa3AQL5sAf+M/weZ9AAw0AHsHEvP6YONTiKyN/cXWr/ qwX6gVDZcU0VTbDRGrLxuCPwAkF/EpWEX0TeYlGmv67az5lQgnKoDZxPYRi8yCHy +DxC0RDcZJssjilanhbk/8UlECeKZDrED/wFbXxvReyUffYXjgbWPh+a5Fe8Mwbq BpmCcmSTqFq53RLwn8c6li7cFtah0zJ88NHACknC5PPjPNCmSsOiYZM3/mEEolIi OIQG3HOpV+XfzCsFGNPT5rm+9xvXIseFibSJcp+OtUBS81sPO63tJiPbsvLDwmbD 1Dgu2MPusnokIVDSB0LLf3IIkpf1vAh6Idkilhf/FfThHa9VCOUcoA== =Xbxy -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Forefront Unified Access Gateway Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42131 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42131/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42131 RELEASE DATE: 2010-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/42131/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42131/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42131 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Forefront Unified Access Gateway (UAG), which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks. 1) A weakness in UAG allows redirecting users to an untrusted site e.g. spoofing a legitimate UAG Web interface. 2) Unspecified input is not properly sanitised before being returned to the user. 3) Unspecified input passed to the UAG Mobile Portal website is not properly sanitised before being returned to the user. 4) Unspecified input passed to Signurl.asp is not properly sanitised before being returned to the user. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MS10-089 (KB2316074, KB2418933, KB2433584, KB2433585): http://www.microsoft.com/technet/security/Bulletin/MS10-089.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.7

sources: NVD: CVE-2010-3936 // JVNDB: JVNDB-2010-002454 // CNVD: CNVD-2010-2766 // BID: 44634 // VULHUB: VHN-46541 // PACKETSTORM: 95711 // PACKETSTORM: 95727

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2010-2766

AFFECTED PRODUCTS

vendor:

microsoft

model:

forefront unified access gateway

scope:

version:

2010

Trust: 3.0

sources: CNVD: CNVD-2010-2766 // JVNDB: JVNDB-2010-002454 // CNNVD: CNNVD-201011-129 // NVD: CVE-2010-3936

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-3936
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2010-3936
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201011-129
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-46541
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2010-3936
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-46541
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-46541 // JVNDB: JVNDB-2010-002454 // CNNVD: CNNVD-201011-129 // NVD: CVE-2010-3936

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-46541 // JVNDB: JVNDB-2010-002454 // NVD: CVE-2010-3936

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201011-129

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201011-129

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002454

PATCH

title:	MS10-089	url:	http://www.microsoft.com/technet/security/bulletin/MS10-089.mspx	Trust: 0.8
title:	MS10-089	url:	http://www.microsoft.com/japan/technet/security/bulletin/ms10-089.mspx	Trust: 0.8
title:	MS10-089e	url:	http://www.microsoft.com/japan/security/bulletins/MS10-089e.mspx	Trust: 0.8
title:	TA10-313A	url:	http://software.fujitsu.com/jp/security/vulnerabilities/ta10-313a.html	Trust: 0.8
title:	Patch for Microsoft Forefront Unified Access Gateway 'Signurl.asp' Cross-Site Scripting Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/1684	Trust: 0.6

sources: CNVD: CNVD-2010-2766 // JVNDB: JVNDB-2010-002454

EXTERNAL IDS

db:	NVD	id:	CVE-2010-3936	Trust: 3.4
db:	USCERT	id:	TA10-313A	Trust: 2.0
db:	SECUNIA	id:	42131	Trust: 1.5
db:	BID	id:	44634	Trust: 1.2
db:	USCERT	id:	SA10-313A	Trust: 0.8
db:	VUPEN	id:	ADV-2010-2925	Trust: 0.8
db:	JVNDB	id:	JVNDB-2010-002454	Trust: 0.8
db:	CNNVD	id:	CNNVD-201011-129	Trust: 0.7
db:	CNVD	id:	CNVD-2010-2766	Trust: 0.6
db:	MS	id:	MS10-089	Trust: 0.6
db:	VULHUB	id:	VHN-46541	Trust: 0.1
db:	PACKETSTORM	id:	95711	Trust: 0.1
db:	PACKETSTORM	id:	95727	Trust: 0.1

sources: CNVD: CNVD-2010-2766 // VULHUB: VHN-46541 // BID: 44634 // JVNDB: JVNDB-2010-002454 // PACKETSTORM: 95711 // PACKETSTORM: 95727 // CNNVD: CNNVD-201011-129 // NVD: CVE-2010-3936

REFERENCES

url:	http://www.us-cert.gov/cas/techalerts/ta10-313a.html	Trust: 1.9
url:	http://secunia.com/advisories/42131	Trust: 1.4
url:	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-089	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12218	Trust: 1.1
url:	http://www.microsoft.com/technet/security/bulletin/ms10-089.mspx	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3936	Trust: 0.8
url:	https://www.jpcert.or.jp/at/2010/at100030.txt	Trust: 0.8
url:	http://jvn.jp/cert/jvnta10-313a	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3936	Trust: 0.8
url:	http://www.securityfocus.com/bid/44634	Trust: 0.8
url:	http://www.us-cert.gov/cas/alerts/sa10-313a.html	Trust: 0.8
url:	http://www.vupen.com/english/advisories/2010/2925	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/#topics	Trust: 0.8
url:	http://www.microsoft.com/technet/security/bulletin/ms10-089.mspxhttp	Trust: 0.6
url:	http://www.microsoft.com	Trust: 0.3
url:	http://www.us-cert.gov/cas/techalerts/ta10-313a.html>	Trust: 0.1
url:	http://www.microsoft.com/technet/security/bulletin/ms10-nov.mspx>	Trust: 0.1
url:	http://www.us-cert.gov/cas/signup.html>.	Trust: 0.1
url:	http://www.us-cert.gov/legal.html>	Trust: 0.1
url:	http://technet.microsoft.com/en-us/wsus/default.aspx>	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=42131	Trust: 0.1
url:	http://secunia.com/advisories/42131/#comments	Trust: 0.1
url:	http://secunia.com/products/corporate/evm/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/products/corporate/vim/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/advisories/42131/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

CREDITS

Microsoft

Trust: 0.9

sources: BID: 44634 // CNNVD: CNNVD-201011-129

SOURCES

db:	CNVD	id:	CNVD-2010-2766
db:	VULHUB	id:	VHN-46541
db:	BID	id:	44634
db:	JVNDB	id:	JVNDB-2010-002454
db:	PACKETSTORM	id:	95711
db:	PACKETSTORM	id:	95727
db:	CNNVD	id:	CNNVD-201011-129
db:	NVD	id:	CVE-2010-3936

LAST UPDATE DATE

2025-04-11T21:01:28.697000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-2766	date:	2010-11-11T00:00:00
db:	VULHUB	id:	VHN-46541	date:	2018-10-12T00:00:00
db:	BID	id:	44634	date:	2013-04-19T13:09:00
db:	JVNDB	id:	JVNDB-2010-002454	date:	2010-12-07T00:00:00
db:	CNNVD	id:	CNNVD-201011-129	date:	2010-11-11T00:00:00
db:	NVD	id:	CVE-2010-3936	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2010-2766	date:	2010-11-11T00:00:00
db:	VULHUB	id:	VHN-46541	date:	2010-11-10T00:00:00
db:	BID	id:	44634	date:	2010-11-09T00:00:00
db:	JVNDB	id:	JVNDB-2010-002454	date:	2010-12-07T00:00:00
db:	PACKETSTORM	id:	95711	date:	2010-11-10T05:24:37
db:	PACKETSTORM	id:	95727	date:	2010-11-10T05:23:08
db:	CNNVD	id:	CNNVD-201011-129	date:	2010-11-11T00:00:00
db:	NVD	id:	CVE-2010-3936	date:	2010-11-10T03:00:02.490