RSA Security RSA Authentication Agent For Web For IIS XSS

Medium severity, Nessus Plugin ID 18213

Synopsis

A web application on the remote host has a cross-site scripting vulnerability.

Description

The remote host appears to be running RSA Authentication Agent for Web for IIS.

The remote version of this application fails to adequately sanitize input to the 'postdata' variable of IISWebAgentIF.dll. A remote attacker could exploit this by tricking a user into requesting a maliciously crafted URL.

Solution

Upgrade to RSA Authentication Agent for Web for IIS 5.3 or later.

See Also

http://www.oliverkarow.de/research/rsaxss.txt

Plugin Details

Severity: Medium

ID: 18213

File Name: rsa_authentication_agent_xss.nasl

Version: 1.16

Type: remote

Published: 5/9/2005

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

Exploit Ease: No exploit is required

Vulnerability Publication Date: 4/9/2005

Reference Information

CVE: CVE-2005-1118

BID: 13168

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990