CERT VU:342793
Oct 26, 2007 - 12:00 a.m.

RSA Keon cross-site scripting vulnerabilities

2007-10-26 00:00:00
www.kb.cert.org

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.013 Low
Percentile: 85.7%

Overview

The RSA KEON Registration Authority web interface contains multiple cross-site scripting (XSS) vulnerabilities.

Description

The RSA Keon Certificate Authority (CA) software is a digital certificate management system. The RSA KEON Registration Authority allows the CA to handle large numbers of certificate requests.

The RSA KEON Registration Authority web interface contains multiple cross-site scripting vulnerabilities.


Impact

An attacker may be able to obtain sensitive data from the site running the RSA KEON Registration Authority software or use the vulnerability to create spoofed content.


Solution

Upgrade
RSA has released updates to address this issue. See <https://knowledge.rsasecurity.com/> for information on obtaining fixed software.


Vendor Information

RSA Security, Inc. - Affected

Notified: August 07, 2007 Updated: October 31, 2007

Status

Affected

Vendor Statement

The issue has been addressed in RSA Certificate Manager and RSA Registration Manager Software versions 6.5.1 and later. For more information about obtaining updated software, log on to RSA SecurCare Online at <https://knowledge.rsasecurity.com>.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

See <https://knowledge.rsasecurity.com/> for information on obtaining fixed software.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

| Group | Score | Vector |
| --- | --- | --- |
| Base | 0 | AV:–/AC:–/Au:–/C:–/I:–/A:– |
| Temporal | 0 | E:ND/RL:ND/RC:ND |
| Environmental | 0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |

Acknowledgements

Thanks to GamaSEC for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

CVE IDs: CVE-2007-5703
Severity Metric: 0.97
Date Public:
