Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS.
Title: RSA Keon cross-site scripting vulnerabilities
Name: VU#342793
First vendor Publication: 2007-10-26
Vendor: VU-CERT
Last vendor Modification: 2007-11-14
Severity (Vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score: 4.3
Attack Range: Network
Cvss Impact Score: 2.9
Attack Complexity: Medium
Cvss Exploit Score: 8.6
Authentication: None Required


Vulnerability Note VU#342793

RSA Keon cross-site scripting vulnerabilities


The RSA KEON Registration Authority web interface contains multiple cross-site scripting (XSS) vulnerabilities.

I. Description

The RSA Keon Certificate Authority (CA) software is a digital certificate management system. The RSA KEON Registration Authority allows the CA to handle large numbers of certificate requests.

The RSA KEON Registration Authority web interface contains multiple cross-site scripting vulnerabilities.

II. Impact

An attacker may be able to obtain sensitive data from the site running the RSA KEON Registration Authority software or use the vulnerability to create spoofed content.

III. Solution


RSA has released updates to address this issue. See https://knowledge.rsasecurity.com/ for information on obtaining fixed software.

Systems Affected

Vendor: RSA Security, Inc.
Status: Vulnerable
Date Updated: 31-Oct-2007




Thanks to GamaSEC for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

Date Public: 10/26/2007
Date First Published: 10/26/2007 10:30:12 AM
Date Last Updated: 11/14/2007
CERT Advisory 
CVE Name: CVE-2007-5703
Document Revision: 6

Original Source

Url : http://www.kb.cert.org/vuls/id/342793

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
38299 RSA KEON Registration Authority Add-msie-request.xuda Unspecified XSS

38298 RSA KEON Registration Authority Request-spk.xuda Unspecified Parameter XSS