Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveDellCVE-2018-1232
HistoryMar 30, 2018 - 9:29 p.m.

CVE-2018-1232

2018-03-3021:29:01
CWE-787
dell
web.nvd.nist.gov
57
cve-2018-1232
rsa authentication agent
buffer overflow
web security
denial-of-service
nvd

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

39.7%

JSON

RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the authentication agent and cause a denial-of-service situation.

Affected configurations

Nvd
Node
rsaauthentication_agent_for_webRange8.0.1apache_web_server
OR
rsaauthentication_agent_for_webRange8.0.1iis
VendorProductVersionCPE
rsaauthentication_agent_for_web*cpe:2.3:a:rsa:authentication_agent_for_web:*:*:*:*:*:apache_web_server:*:*
rsaauthentication_agent_for_web*cpe:2.3:a:rsa:authentication_agent_for_web:*:*:*:*:*:iis:*:*

CNA Affected

[
  {
    "product": "RSA Authentication Agent for Web for IIS, RSA Authentication Agent for Web for Apache Web Server",
    "vendor": "Dell EMC",
    "versions": [
      {
        "status": "affected",
        "version": "version 8.0.1 and earlier"
      }
    ]
  }
]

Related

nvd 1
prion 1
cvelist 1
nessus 2
openvas 1
zdt 1
f5 1
nvd
nvd
CVE-2018-1232
2018-03-30 21:29:01
prion
prion
Stack overflow
2018-03-30 21:29:00
cvelist
cvelist
CVE-2018-1232
2018-03-30 21:00:00
nessus
nessus
RSA Authentication Agent for Web for Apache 8.x < 8.0.2 Multiple Vulnerabilities
2018-04-06 00:00:00
RSA Authentication Agent for Web for IIS 8.x < 8.0.2 Multiple Vulnerabilities
2018-04-06 00:00:00
openvas
openvas
RSA Authentication Agent (IIS) < 8.0.2 Multiple Vulnerabilities
2018-04-09 00:00:00
zdt
zdt
RSA Authentication Agent For Web XSS / Buffer Overflow Vulnerability
2018-03-29 00:00:00
f5
f5
K56231955 : RSA Authentication Agent vulnerabilities CVE-2018-1232, CVE-2018-1233, and CVE-2018-1234
2018-07-19 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

39.7%

JSON
Related for CVE-2018-1232
nvd1prion1cvelist1nessus2openvas1zdt1f51