Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for RSA Authentication Agent for Web for IIS, RSA Authentication Agent for Web for Apache Web Server by Dell EMC

    CVE-2018-1233 (GCVE-0-2018-1233)

    Vulnerability from nvd – Published: 2018-03-30 21:00 – Updated: 2024-09-16 19:56
    VLAI
    Summary
    RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are affected by a cross-site scripting vulnerability. The attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website.
    Severity
    No CVSS data available.
    CWE
    • Cross-site Scripting Vulnerability
    Assigner
    References
    URL Tags
    http://seclists.org/fulldisclosure/2018/Mar/60 mailing-listx_refsource_FULLDISC
    http://www.securitytracker.com/id/1040577 vdb-entryx_refsource_SECTRACK
    Date Public
    2018-03-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:51:49.069Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20180326 DSA-2018-040: RSA Authentication Agent for Web for IIS and Apache Web Server Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2018/Mar/60"
              },
              {
                "name": "1040577",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040577"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSA Authentication Agent for Web for IIS, RSA Authentication Agent for Web for Apache Web Server",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 8.0.1 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-03-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are affected by a cross-site scripting vulnerability. The attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user\u0027s browser session in the context of the affected website."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site Scripting Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-31T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "20180326 DSA-2018-040: RSA Authentication Agent for Web for IIS and Apache Web Server Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Mar/60"
            },
            {
              "name": "1040577",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040577"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-03-26T00:00:00",
              "ID": "CVE-2018-1233",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSA Authentication Agent for Web for IIS, RSA Authentication Agent for Web for Apache Web Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 8.0.1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are affected by a cross-site scripting vulnerability. The attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user\u0027s browser session in the context of the affected website."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site Scripting Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20180326 DSA-2018-040: RSA Authentication Agent for Web for IIS and Apache Web Server Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2018/Mar/60"
                },
                {
                  "name": "1040577",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040577"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-1233",
        "datePublished": "2018-03-30T21:00:00.000Z",
        "dateReserved": "2017-12-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:56:31.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1232 (GCVE-0-2018-1232)

    Vulnerability from nvd – Published: 2018-03-30 21:00 – Updated: 2024-09-17 00:25
    VLAI
    Summary
    RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the authentication agent and cause a denial-of-service situation.
    Severity
    No CVSS data available.
    CWE
    • Stack-based Buffer Overflow Vulnerability
    Assigner
    References
    URL Tags
    http://seclists.org/fulldisclosure/2018/Mar/60 mailing-listx_refsource_FULLDISC
    http://www.securitytracker.com/id/1040577 vdb-entryx_refsource_SECTRACK
    Date Public
    2018-03-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:51:48.928Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20180326 DSA-2018-040: RSA Authentication Agent for Web for IIS and Apache Web Server Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2018/Mar/60"
              },
              {
                "name": "1040577",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040577"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSA Authentication Agent for Web for IIS, RSA Authentication Agent for Web for Apache Web Server",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 8.0.1 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-03-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the authentication agent and cause a denial-of-service situation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Stack-based Buffer Overflow Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-31T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "20180326 DSA-2018-040: RSA Authentication Agent for Web for IIS and Apache Web Server Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Mar/60"
            },
            {
              "name": "1040577",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040577"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-03-26T00:00:00",
              "ID": "CVE-2018-1232",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSA Authentication Agent for Web for IIS, RSA Authentication Agent for Web for Apache Web Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 8.0.1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the authentication agent and cause a denial-of-service situation."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Stack-based Buffer Overflow Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20180326 DSA-2018-040: RSA Authentication Agent for Web for IIS and Apache Web Server Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2018/Mar/60"
                },
                {
                  "name": "1040577",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040577"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-1232",
        "datePublished": "2018-03-30T21:00:00.000Z",
        "dateReserved": "2017-12-06T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:25:34.327Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1232 (GCVE-0-2018-1232)

    Vulnerability from cvelistv5 – Published: 2018-03-30 21:00 – Updated: 2024-09-17 00:25
    VLAI
    Summary
    RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the authentication agent and cause a denial-of-service situation.
    Severity
    No CVSS data available.
    CWE
    • Stack-based Buffer Overflow Vulnerability
    Assigner
    References
    URL Tags
    http://seclists.org/fulldisclosure/2018/Mar/60 mailing-listx_refsource_FULLDISC
    http://www.securitytracker.com/id/1040577 vdb-entryx_refsource_SECTRACK
    Date Public
    2018-03-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:51:48.928Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20180326 DSA-2018-040: RSA Authentication Agent for Web for IIS and Apache Web Server Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2018/Mar/60"
              },
              {
                "name": "1040577",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040577"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSA Authentication Agent for Web for IIS, RSA Authentication Agent for Web for Apache Web Server",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 8.0.1 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-03-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the authentication agent and cause a denial-of-service situation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Stack-based Buffer Overflow Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-31T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "20180326 DSA-2018-040: RSA Authentication Agent for Web for IIS and Apache Web Server Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Mar/60"
            },
            {
              "name": "1040577",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040577"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-03-26T00:00:00",
              "ID": "CVE-2018-1232",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSA Authentication Agent for Web for IIS, RSA Authentication Agent for Web for Apache Web Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 8.0.1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the authentication agent and cause a denial-of-service situation."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Stack-based Buffer Overflow Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20180326 DSA-2018-040: RSA Authentication Agent for Web for IIS and Apache Web Server Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2018/Mar/60"
                },
                {
                  "name": "1040577",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040577"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-1232",
        "datePublished": "2018-03-30T21:00:00.000Z",
        "dateReserved": "2017-12-06T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:25:34.327Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1233 (GCVE-0-2018-1233)

    Vulnerability from cvelistv5 – Published: 2018-03-30 21:00 – Updated: 2024-09-16 19:56
    VLAI
    Summary
    RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are affected by a cross-site scripting vulnerability. The attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website.
    Severity
    No CVSS data available.
    CWE
    • Cross-site Scripting Vulnerability
    Assigner
    References
    URL Tags
    http://seclists.org/fulldisclosure/2018/Mar/60 mailing-listx_refsource_FULLDISC
    http://www.securitytracker.com/id/1040577 vdb-entryx_refsource_SECTRACK
    Date Public
    2018-03-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:51:49.069Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20180326 DSA-2018-040: RSA Authentication Agent for Web for IIS and Apache Web Server Multiple Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2018/Mar/60"
              },
              {
                "name": "1040577",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040577"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "RSA Authentication Agent for Web for IIS, RSA Authentication Agent for Web for Apache Web Server",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "version 8.0.1 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-03-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are affected by a cross-site scripting vulnerability. The attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user\u0027s browser session in the context of the affected website."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site Scripting Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-31T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "20180326 DSA-2018-040: RSA Authentication Agent for Web for IIS and Apache Web Server Multiple Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Mar/60"
            },
            {
              "name": "1040577",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040577"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-03-26T00:00:00",
              "ID": "CVE-2018-1233",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "RSA Authentication Agent for Web for IIS, RSA Authentication Agent for Web for Apache Web Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "version 8.0.1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are affected by a cross-site scripting vulnerability. The attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user\u0027s browser session in the context of the affected website."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site Scripting Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20180326 DSA-2018-040: RSA Authentication Agent for Web for IIS and Apache Web Server Multiple Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2018/Mar/60"
                },
                {
                  "name": "1040577",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040577"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-1233",
        "datePublished": "2018-03-30T21:00:00.000Z",
        "dateReserved": "2017-12-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:56:31.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }