SB2018050704 - Multiple vulnerabilities in RSA Authentication Manager
Published: May 7, 2018
Description
This security bulletin contains information about 2 vulnerabilities.
1) XXE attack (CVE-ID: CVE-2018-1247)
CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a remote authenticated attacker to read files on the target system and cause a denial of service condition.
The weakness exists due to improper restriction of XML External Entity (XXE) references in the XML parser used by the affected interface. A remote authenticated attacker can submit specially crafted XML containing an external entity declaration to the target interface, read files with the privileges of the target service, or cause the service to crash.
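The pattern described above, as an added example that is not code from this bulletin or from the affected product: two configurations of Python's standard-library xml.sax parser process the same attacker-controlled document. The "vulnerable" parser has external general entities enabled, which emulates XML stacks that resolve them by default (and Python itself before 3.7.1); the "hardened" parser refuses any DOCTYPE, so an entity declaration never reaches the resolver. The secret file, its contents and the request format are constructed for the demonstration.

```python
# Added example (not code from the RSA bulletin or the product): XXE against a
# parser that resolves external general entities, beside a hardened parser that
# rejects DOCTYPE declarations outright.
import io
import pathlib
import tempfile
import xml.sax
from xml.sax.handler import (ContentHandler, feature_external_ges,
                             property_lexical_handler)


class TextCollector(ContentHandler):
    """Gathers character data, standing in for whatever the service echoes back."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)

    def text(self):
        return "".join(self.chunks)


class RejectDoctype:
    """Lexical handler that aborts parsing as soon as a DOCTYPE appears.

    xml.sax calls the whole lexical-handler interface, hence the no-op methods.
    """

    def startDTD(self, name, public_id, system_id):
        raise ValueError(f"DOCTYPE '{name}' rejected: inline DTDs are not accepted")

    def endDTD(self):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass

    def comment(self, content):
        pass


def xxe_payload(target_uri):
    """Classic XXE request body: declare an external entity, then reference it.

    In a real attack target_uri would be something like file:///etc/passwd;
    here the caller points it at a constructed file.
    """
    return (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE request [<!ENTITY xxe SYSTEM "{target_uri}">]>\n'
        "<request><user>&xxe;</user></request>"
    ).encode()


def parse_vulnerable(xml_bytes):
    """External entities are resolved: the file named in the payload is read and
    its contents become part of the parsed document (CWE-611)."""
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, True)
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return collector.text()


def parse_hardened(xml_bytes):
    """External entities are disabled and any DOCTYPE is refused before the
    entity declaration is even parsed; raises ValueError on the XXE payload."""
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, False)
    parser.setProperty(property_lexical_handler, RejectDoctype())
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return collector.text()


def demo():
    """Write a constructed secret, attack both parsers, and return
    (text leaked by the vulnerable parser, error raised by the hardened one)."""
    with tempfile.TemporaryDirectory() as tmp:
        secret = pathlib.Path(tmp) / "secret.txt"
        secret.write_text("constructed-secret-token-12345\n")  # constructed sample data
        payload = xxe_payload(secret.as_uri())
        leaked = parse_vulnerable(payload).strip()
        try:
            parse_hardened(payload)
            hardened_error = None
        except ValueError as exc:
            hardened_error = str(exc)
    return leaked, hardened_error


if __name__ == "__main__":
    leaked, error = demo()
    print("vulnerable parser leaked:", leaked)
    print("hardened parser raised:  ", error)
```

Rejecting the DOCTYPE is preferable to merely disabling entity expansion: it removes the attack surface for external entities, entity-expansion denial of service and parameter-entity tricks in one check, and a legitimate API request body has no business carrying a DTD.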
2) HTTP response splitting (CVE-ID: CVE-2018-1248)
CWE-ID: CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to obtain potentially sensitive information and inject arbitrary content into HTTP responses served to the victim.
The weakness exists due to insufficient neutralization of CR and LF sequences in user-supplied input that is reflected into HTTP response headers. A remote attacker can trick the victim into opening a specially crafted URL, inject arbitrary HTTP headers and response content, and poison intermediate web caches with attacker-controlled content.
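The response-splitting pattern described above, as an added example that is not code from this bulletin or from the affected product: a redirect handler copies an untrusted "next" parameter into the Location header, modelled with plain byte strings so it runs offline. The payload is shown already percent-decoded, as a web framework would hand it to application code, and the parameter name, handler and cache model are assumptions made for the demonstration.

```python
# Added example (not code from the RSA bulletin or the product): HTTP response
# splitting via an unneutralized CRLF in a reflected header value (CWE-113),
# how a proxy or cache frames the result, and a hardened handler that rejects it.
import re

# Constructed attacker value for the redirect target. The embedded CRLFs end the
# legitimate 302 response early and append a second, attacker-authored response.
SPLIT_PAYLOAD = (
    "/home\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 25\r\n"
    "\r\n"
    "<script>alert(1)</script>"
)


def build_redirect_vulnerable(next_url):
    """Copies the untrusted value into the Location header verbatim."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {next_url}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


# Same-origin absolute path (no protocol-relative "//") made only of visible
# ASCII: CR, LF, NUL, other controls and whitespace are all excluded.
_SAFE_LOCATION = re.compile(r"/(?!/)[\x21-\x7e]*")


def build_redirect_hardened(next_url):
    """Allowlists the header value instead of trying to strip bad characters;
    raises ValueError for anything that is not a clean same-origin path."""
    if not _SAFE_LOCATION.fullmatch(next_url):
        raise ValueError("refusing unsafe redirect target")
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {next_url}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def split_responses(raw):
    """Frame a byte stream the way a simple proxy or cache does on a reused
    connection: status line, headers up to the blank line, Content-Length bytes
    of body, repeat. Returns a list of (status_line, headers, body)."""
    responses = []
    pos = 0
    while True:
        while raw.startswith(b"\r\n", pos):      # tolerate stray CRLFs between messages
            pos += 2
        if not raw.startswith(b"HTTP/", pos):   # trailing bytes that form no message
            break
        head_end = raw.find(b"\r\n\r\n", pos)
        if head_end == -1:
            break
        status, *header_lines = raw[pos:head_end].decode("latin-1").split("\r\n")
        headers = {}
        for line in header_lines:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        body_start = head_end + 4
        body_end = body_start + int(headers.get("content-length", "0"))
        responses.append((status, headers, raw[body_start:body_end]))
        pos = body_end
    return responses


def demo():
    """Return (messages a cache sees from the vulnerable handler,
    whether the hardened handler rejected the same payload)."""
    seen = split_responses(build_redirect_vulnerable(SPLIT_PAYLOAD))
    try:
        build_redirect_hardened(SPLIT_PAYLOAD)
        rejected = False
    except ValueError:
        rejected = True
    return seen, rejected


if __name__ == "__main__":
    seen, rejected = demo()
    for status, headers, body in seen:
        print(status, headers, body)
    print("hardened handler rejected payload:", rejected)
```

The second framed message is the one that matters for cache poisoning: a shared cache that pairs it with the victim's next request stores the attacker's HTML under a legitimate URL and serves it to every later visitor, which is why the bulletin describes the issue as reaching beyond the victim who clicked the link.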
Remediation
Install the update from the vendor's website.