Kai Wilke

**Name of the Vulnerable Software and Affected Versions** Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 **Description** The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. This can be exploited to trick users into revealing sensitive information. **Recommendations** For Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 **Description** The issue allows remote attackers to obtain sensitive information via a crafted HTTPS request due to improper configuration of the default web site. **Recommendations** For Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1, consider reconfiguring the default web site to prevent unfiltered access until a proper fix is available.