CVE-2018-1232 - Out-of-bounds Write vulnerability in RSA Authentication Agent for web 8.0/8.0.1
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH

Summary
RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the authentication agent and cause a denial-of-service situation.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Common Weakness Enumeration (CWE)
Nessus
NASL family: Misc.
NASL id: RSA_AUTHENTICATION_AGENT_FOR_WEB_APACHE_802.NASL
description: The version of RSA Authentication Agent for Web for Apache is 8.x prior to 8.0.2. It is, therefore, potentially affected by multiple vulnerabilities.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 108888
published: 2018-04-06
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/108888
title: RSA Authentication Agent for Web for Apache 8.x < 8.0.2 Multiple Vulnerabilities

NASL family: Windows
NASL id: RSA_AUTHENTICATION_AGENT_FOR_WEB_IIS_802.NASL
description: The version of RSA Authentication Agent for Web for IIS is 8.x prior to 8.0.2. It is, therefore, affected by multiple vulnerabilities.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 108889
published: 2018-04-06
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/108889
title: RSA Authentication Agent for Web for IIS 8.x < 8.0.2 Multiple Vulnerabilities