RSA Security RSA Authentication Agent For Web XSS

The remote host seems to be running the RSA Security RSA Authentication Agent for web and contains a cross-site scripting (XSS) vulnerability in the 'postdata' variable

Reporter	Title	Published	Views	Family All 9
CVE	CVE-2005-1118	16 Apr 200504:00	–	cve
Cvelist	CVE-2005-1118	16 Apr 200504:00	–	cvelist
EUVD	EUVD-2005-1121	7 Oct 202500:30	–	euvd
NVD	CVE-2005-1118	14 Apr 200504:00	–	nvd
OpenVAS	RSA Security RSA Authentication Agent For Web XSS	3 Nov 200500:00	–	openvas
Prion	Cross site scripting	24 Mar 200822:44	–	prion
Prion	Cross site scripting	30 Apr 200814:10	–	prion
Tenable Nessus	RSA Security RSA Authentication Agent For Web For IIS XSS	9 May 200500:00	–	nessus
CERT	RSA Authentication Agent for Web fails to properly validate input	7 Jun 200500:00	–	cert

# OpenVAS Vulnerability Test
# $Id: rsa_authentication_agent_xss.nasl 6040 2017-04-27 09:02:38Z teissa $
# Description: RSA Security RSA Authentication Agent For Web XSS
#
# Authors:
# David Maciejak <david dot maciejak at kyxar dot fr>
#
# Copyright:
# Copyright (C) 2005 David Maciejak
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

tag_summary = "The remote host seems to be running the RSA Security RSA Authentication 
Agent for web.

The remote version of this software is contains an input validation
flaw in the 'postdata' variable. An attacker may use it to perform a 
cross site scripting attack.";

tag_solution = "Upgraded to version 5.3 or newer.";

#  ref : Oliver Karow <[email protected]>

if(description)
{
 script_id(18213);
 script_version("$Revision: 6040 $");
 script_tag(name:"last_modification", value:"$Date: 2017-04-27 11:02:38 +0200 (Thu, 27 Apr 2017) $");
 script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
 script_cve_id("CVE-2005-1118");
 script_bugtraq_id(13168);
 script_tag(name:"cvss_base", value:"4.3");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
 
 script_name("RSA Security RSA Authentication Agent For Web XSS");

 script_category(ACT_GATHER_INFO);
  script_tag(name:"qod_type", value:"remote_vul");
 script_family("Web application abuses");
 script_copyright("This script is Copyright (C) 2005 David Maciejak");
 script_dependencies("find_service.nasl", "http_version.nasl");
 script_require_ports("Services/www", 80);
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "summary" , value : tag_summary);
 exit(0);
}

#
# The script code starts here
#

include("http_func.inc");
include("http_keepalive.inc");

port = get_http_port(default:80);

if(!get_port_state(port))exit(0);

req = http_get(item:'/WebID/IISWebAgentIF.dll?postdata="><script>foo</script>', port:port);
res = http_keepalive_send_recv(port:port, data:req);
if( res == NULL ) exit(0);
if (res =~ "HTTP/1\.. 200" && "<TITLE>RSA SecurID " >< res && ereg(pattern:"<script>foo</script>", string:res) )
       security_message(port);

27 Apr 2017 00:00Current

6.1Medium risk

Vulners AI Score6.1

EPSS0.02308