Vulnerability Note VU#342793

RSA Keon cross-site scripting vulnerabilities

Overview

The RSA KEON Registration Authority web interface contains multiple cross-site scripting (XSS) vulnerabilities.

I. Description

The RSA Keon Certificate Authority (CA) software is a digital certificate management system. The RSA KEON Registration Authority allows the CA to handle large numbers of certificate requests.

The RSA KEON Registration Authority web interface contains multiple cross-site scripting vulnerabilities.

II. Impact

An attacker may be able to obtain sensitive data from the site running the RSA KEON Registration Authority software or use the vulnerability create spoofed content.

III. Solution

Upgrade

RSA has released updates to address this issue. See https://knowledge.rsasecurity.com/ for information on obtaining fixed software.

Systems Affected

Vendor	Status	Date Notified	Date Updated
RSA Security, Inc.	Vulnerable	31-Oct-2007

References

http://www.gamasec.net/english/gs07-02.html
http://www.securityfocus.com/bid/26196
http://www.frsirt.com/english/advisories/2007/3658
http://www.securitytracker.com/id?1018856
http://secunia.com/advisories/27384

Credit

Thanks to GamaSEC for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

Date Public:	2007-10-26
Date First Published:	2007-10-26
Date Last Updated:	2007-11-14
CERT Advisory:
CVE-ID(s):	CVE-2007-5703
NVD-ID(s):	CVE-2007-5703
US-CERT Technical Alerts:
Metric:	0.97
Document Revision:	6

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2007 by US-CERT, a government organization
Disclaimers and copyright information

Get Adobe Reader