Vulnerabilities > CVE-2018-12571 - Server-Side Request Forgery (SSRF) vulnerability in Microsoft Forefront Unified Access Gateway 2010
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Packetstorm
data source | https://packetstormsecurity.com/files/download/148389/msforefront-dnsforge.txt |
id | PACKETSTORM:148389 |
last seen | 2018-07-03 |
published | 2018-07-02 |
reporter | Okan Coskun |
source | https://packetstormsecurity.com/files/148389/Microsoft-Forefront-Unified-Access-Gateway-2010-External-DNS-Interaction.html |
title | Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction |
References
- http://packetstormsecurity.com/files/148389/Microsoft-Forefront-Unified-Access-Gateway-2010-External-DNS-Interaction.html
- http://packetstormsecurity.com/files/148389/Microsoft-Forefront-Unified-Access-Gateway-2010-External-DNS-Interaction.html
- http://seclists.org/fulldisclosure/2018/Jul/2
- http://seclists.org/fulldisclosure/2018/Jul/2
- http://seclists.org/fulldisclosure/2018/Jul/7
- http://seclists.org/fulldisclosure/2018/Jul/7
- http://www.securitytracker.com/id/1041212
- http://www.securitytracker.com/id/1041212