Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS.
Summary
Title: RSA Keon cross-site scripting vulnerabilities
Information
Name: VU#342793
First vendor Publication: 2007-10-26
Vendor: VU-CERT
Last vendor Modification: 2007-11-14
Severity (Vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score: 4.3
Attack Range: Network
Cvss Impact Score: 2.9
Attack Complexity: Medium
Cvss Exploit Score: 8.6
Authentication: None Required

Detail

Vulnerability Note VU#342793

RSA Keon cross-site scripting vulnerabilities

Overview

The RSA KEON Registration Authority web interface contains multiple cross-site scripting (XSS) vulnerabilities.

I. Description

The RSA Keon Certificate Authority (CA) software is a digital certificate management system. The RSA KEON Registration Authority allows the CA to handle large numbers of certificate requests.

The RSA KEON Registration Authority web interface contains multiple cross-site scripting vulnerabilities.

II. Impact

An attacker may be able to obtain sensitive data from the site running the RSA KEON Registration Authority software or use the vulnerability to create spoofed content.

III. Solution

Upgrade

RSA has released updates to address this issue. See https://knowledge.rsasecurity.com/ for information on obtaining fixed software.

Systems Affected

Vendor               Status      Date Updated
RSA Security, Inc.   Vulnerable  31-Oct-2007

References


http://www.gamasec.net/english/gs07-02.html
http://www.securityfocus.com/bid/26196
http://www.frsirt.com/english/advisories/2007/3658
http://www.securitytracker.com/id?1018856
http://secunia.com/advisories/27384

Credit

Thanks to GamaSEC for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

Date Public: 10/26/2007
Date First Published: 10/26/2007 10:30:12 AM
Date Last Updated: 11/14/2007
CERT Advisory:
CVE Name: CVE-2007-5703
Metric: 0.97
Document Revision: 6

Original Source

Url : http://www.kb.cert.org/vuls/id/342793

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type Description Count
Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
38299 RSA KEON Registration Authority Add-msie-request.xuda Unspecified XSS

38298 RSA KEON Registration Authority Request-spk.xuda Unspecified Parameter XSS