lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 25 Jun 2018 11:26:08 +0300
From: okan coskun <>
Subject: Re: [FD] Microsoft Forefront Unified Access Gateway 2010 External
	DNS Interaction

# Exploit Title: Microsoft Forefront Unified Access Gateway 2010 External
DNS Interaction
# Vendor Homepage:
# Version: 2010
# CVE : CVE-2018-12571
# MSRC: Case 39000
# Proof of Concept #1

Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to
trigger outbound DNS queries for arbitrary hosts via a comma-separated list
of URLs in the orig_url parameter, possibly causing a traffic amplification
and/or SSRF outcome.


# Fixes

It will not be patched by Microsoft.

We have completed our investigation and determined that the case doesn't
meet the bar for servicing in a security update

Sent through the Full Disclosure mailing list
Web Archives & RSS:

Powered by blists - more mailing lists