Vulnerability Note VU#342793

RSA Keon cross-site scripting vulnerabilities

Original Release date: 26 Oct 2007 | Last revised: 14 Nov 2007

Overview

The RSA KEON Registration Authority web interface contains multiple cross-site scripting (XSS) vulnerabilities.

Description

The RSA Keon Certificate Authority (CA) software is a digital certificate management system. The RSA KEON Registration Authority allows the CA to handle large numbers of certificate requests.

The RSA KEON Registration Authority web interface contains multiple cross-site scripting vulnerabilities.

Impact

An attacker may be able to obtain sensitive data from the site running the RSA KEON Registration Authority software or use the vulnerability create spoofed content.

Solution

Upgrade
RSA has released updates to address this issue. See https://knowledge.rsasecurity.com/ for information on obtaining fixed software.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
RSA Security, Inc.Affected07 Aug 200731 Oct 2007
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to GamaSEC for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

  • CVE IDs: CVE-2007-5703
  • Date Public: 26 Oct 2007
  • Date First Published: 26 Oct 2007
  • Date Last Updated: 14 Nov 2007
  • Severity Metric: 0.97
  • Document Revision: 6

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.