Vulnerabilities > CVE-2018-1232 - Out-of-bounds Write vulnerability in RSA Authentication Agent FOR web

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
rsa
CWE-787
nessus

Summary

RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the authentication agent and cause a denial-of-service situation.

Vulnerable Configurations

Part Description Count
Application
Rsa
2

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMisc.
    NASL idRSA_AUTHENTICATION_AGENT_FOR_WEB_APACHE_802.NASL
    descriptionThe version of RSA Authentication Agent for Web for Apache is 8.x prior to 8.0.2. It is, therefore, potentially affected by multiple vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id108888
    published2018-04-06
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108888
    titleRSA Authentication Agent for Web for Apache 8.x < 8.0.2 Multiple Vulnerabilities
  • NASL familyWindows
    NASL idRSA_AUTHENTICATION_AGENT_FOR_WEB_IIS_802.NASL
    descriptionThe version of RSA Authentication Agent for Web for IIS is 8.x prior to 8.0.2. It is, therefore, affected by multiple vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id108889
    published2018-04-06
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108889
    titleRSA Authentication Agent for Web for IIS 8.x < 8.0.2 Multiple Vulnerabilities