CVE-2018-1232

7.5HIGH

Key Information:

Vendor: Dell
Status: Rsa Authentication Agent For Web For Iis, Rsa Authentication Agent For Web For Apache Web Server
Vendor: CVE Published:; 30 March 2018

Summary

RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the authentication agent and cause a denial-of-service situation.

Affected Version(s)

RSA Authentication Agent for Web for IIS, RSA Authentication Agent for Web for Apache Web Server version 8.0.1 and earlier

References

http://seclists.org/fulldisclosure/2018/Mar/60

mailing-listx_refsource_FULLDISC

http://www.securitytracker.com/id/1040577

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 30, 2018
Vulnerability Reserved
Dec 6, 2017