Vulnerabilities > CVE-2005-1118 - Remote Cross-Site Scripting vulnerability in RSA Authentication Agent for web 5.2

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
rsa
nessus

Summary

Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the RSA Authentication Agent for Web 5.2 allows remote attackers to inject arbitrary web script or HTML via the postdata parameter.

Vulnerable Configurations

Part Description Count
Application
Rsa
1

Nessus

NASL family: CGI abuses : XSS
NASL id: RSA_AUTHENTICATION_AGENT_XSS.NASL
description: The remote host appears to be running RSA Authentication Agent for Web for IIS. The remote version of this application fails to adequately sanitize input to the 'postdata' variable of IISWebAgentIF.dll. A remote attacker could exploit this by tricking a user into requesting a maliciously crafted URL.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 18213
published: 2005-05-09
reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/18213
title: RSA Security RSA Authentication Agent For Web For IIS XSS
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  # Registration pass: everything in this branch only declares plugin
  # metadata. The exit(0) at the end stops the script before any of the
  # network code below the block is reached.

  # Plugin identity and advisory cross-references.
  script_id(18213);
  script_version("1.15");
  script_cve_id("CVE-2005-1118");
  script_bugtraq_id(13168);

  script_name(english:"RSA Security RSA Authentication Agent For Web For IIS XSS");

  # Report text. The multi-line values are kept at column 0 because the
  # line breaks and spacing are part of the string that is displayed.
  script_set_attribute(attribute:"synopsis", value:
"A web application on the remote host has a cross-site scripting
vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote host appears to be running RSA Authentication Agent for
Web for IIS.

The remote version of this application fails to adequately sanitize
input to the 'postdata' variable of IISWebAgentIF.dll.  A remote
attacker could exploit this by tricking a user into requesting a
maliciously crafted URL.");
  script_set_attribute(attribute:"see_also", value:"http://www.oliverkarow.de/research/rsaxss.txt");

  # Remediation: the fix is a product upgrade, not a configuration change.
  script_set_attribute(attribute:"solution", value:"Upgrade to RSA Authentication Agent for Web for IIS 5.3 or later.");

  # Risk scoring (CVSS v2): network reachable, medium access complexity,
  # no authentication, partial integrity impact only.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  # Timeline and plugin type.
  script_set_attribute(attribute:"plugin_publication_date", value: "2005/05/09");
  script_set_attribute(attribute:"vuln_publication_date", value: "2005/04/09");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  # Scheduling: declared as an information-gathering check that runs after
  # service and HTTP-version detection and requires a web port.
  script_summary(english:"Test for XSS flaw in RSA Security RSA Authentication Agent For Web");
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses : XSS");
  script_copyright(english:"This script is Copyright (C) 2005-2020 Tenable Network Security, Inc.");
  script_dependencie("find_service1.nasl", "http_version.nasl");
  script_require_ports("Services/www", 80);

  exit(0);
}

#
# The script code starts here
#

include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");

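# Pick the web port to test: 80 by default, or whatever service detection
# recorded. embedded:TRUE is passed through unchanged from the original check.
port = get_http_port(default:80, embedded:TRUE);

# Nothing to test if the port is not open.
if (!get_port_state(port)) exit(0);

# Inert marker used both in the request and in the response check, so the
# two can never drift apart. The tag body is the bare token "foo".
marker = '<script>foo</script>';

req = http_get(item:'/WebID/IISWebAgentIF.dll?postdata=">' + marker, port:port);
res = http_keepalive_send_recv(port:port, data:req);
if (isnull(res)) exit(0);

# Report only when both conditions hold:
#   1. the page identifies itself as RSA SecurID (guards against servers
#      that echo any query string), and
#   2. the marker comes back unencoded.
# The marker is a fixed string, so the substring operator is used instead of
# ereg(): without multiline:TRUE, ereg() only examines the text up to the
# first newline (the HTTP status line), so the reflected marker in the body
# was never inspected and the finding could be missed.
#
# NOTE(review): a hit shows unencoded reflection, not the installed version;
# confirm against the fixed release named in the plugin's solution text.
if ("<TITLE>RSA SecurID " >< res && marker >< res)
{
  security_warning(port);
  # Record the finding in the knowledge base under the per-port XSS key.
  set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
}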