Think you have a false positive on this rule?

Sid 1-20258

Message

OS-WINDOWS Microsoft generic javascript handler in URI XSS attempt

Summary

Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."

Impact

CVSS base score 4.3 CVSS impact score 2.9 CVSS exploitability score 8.6 confidentialityImpact NONE integrityImpact PARTIAL availabilityImpact PARTIAL

CVE-2011-1897:

CVSS base score 4.3

CVSS impact score 2.9

CVSS exploitability score 8.6

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

CVE-2012-0017:

CVSS base score 4.3

CVSS impact score 2.9

CVSS exploitability score 8.6

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

CVE-2015-6099:

CVSS base score 4.3

CVSS impact score 2.9

CVSS exploitability score 8.6

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

CVE-2016-3212:

CVSS base score 6.1

CVSS impact score 2.7

CVSS exploitability score 2.8

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Detailed information

CVE-2011-1897: Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."

CVE-2012-0017: Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."

CVE-2015-6099: Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka ".NET Elevation of Privilege Vulnerability."

CVE-2016-3212: The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka "Internet Explorer XSS Filter Vulnerability."

Affected systems

  • microsoft forefrontunifiedaccess_gateway 2010
  • microsoft sharepoint_foundation 2010
  • microsoft .net_framework 4.0
  • microsoft .net_framework 4.5
  • microsoft .net_framework 4.5.1
  • microsoft .net_framework 4.5.2
  • microsoft .net_framework 4.6
  • microsoft internet_explorer 9
  • microsoft internet_explorer 10
  • microsoft internet_explorer 11

Ease of attack

CVE-2011-1897:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

CVE-2012-0017:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

CVE-2015-6099:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

CVE-2016-3212:

Access Vector

Access Complexity

Authentication

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
  • For more information see nvd.

Additional References

  • technet.microsoft.com/en-us/security/bulletin/MS11-079
  • technet.microsoft.com/en-us/security/bulletin/MS12-011
  • technet.microsoft.com/en-us/security/bulletin/MS15-118
  • technet.microsoft.com/en-us/security/bulletin/MS16-063