Stack-based Buffer Overflow in RSA Authentication Agent for Web on IIS and Apache
CVE-2018-1232
7.5 HIGH
Summary
RSA Authentication Agent for Web versions 8.0.1 and earlier for IIS and Apache Web Server are vulnerable to a stack-based buffer overflow. The overflow can be triggered when the agent processes malformed web cookies, potentially allowing an attacker to crash the authentication agent and cause a denial-of-service condition. Organizations using this software should assess their risk and apply the security patches provided by the vendor.
Affected Version(s)
RSA Authentication Agent for Web for IIS, RSA Authentication Agent for Web for Apache Web Server version 8.0.1 and earlier
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved