SAINT Corporation, SAINT:AB1003DFB2C2323D03E96320CB2ABA67
Nov 30, 2005 - 12:00 a.m.

RSA SecurID Web Agent for IIS redirect buffer overflow

2005-11-30 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.371 (Percentile: 97.2%)

Added: 11/30/2005
CVE: CVE-2005-4734
BID: 26424
OSVDB: 20151

Background

RSA SecurID Web Agent for IIS provides access control for IIS web servers using one-time authentication tokens.

Problem

A buffer overflow in **IISWebAgentIF.dll** could allow a remote attacker to execute arbitrary commands by sending a long, specially crafted URL parameter in a Redirect request.

Resolution

Fixes are available from RSA SecurCare Online.

References

<http://secunia.com/advisories/17281/>

Limitations

Web Agent for IIS must be configured correctly in order for this exploit to work.

Platforms

Windows 2000
