CVE-2018-12571
Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome.
uniquesig0/InternalSite/InitParams.aspx en Microsoft Forefront Unified Access Gateway 2010 permite que atacantes remotos desencadenen consultas DNS salientes para hosts arbitrarios mediante una lista de URL separadas por comas en el parámetro orig_url, provocando posiblemente una amplificación de tráfico y/o una salida SSRF.
Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-06-19 CVE Reserved
- 2018-07-02 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-08-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1041212 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Forefront Unified Access Gateway Search vendor "Microsoft" for product "Forefront Unified Access Gateway" | 2010 Search vendor "Microsoft" for product "Forefront Unified Access Gateway" and version "2010" | - |
Affected
| ||||||