ID CVE-2005-4734
Summary Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method.
References
Vulnerable Configurations
  • cpe:2.3:a:rsa:authentication_agent_for_web:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rsa:authentication_agent_for_web:5.3:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 05-09-2008 - 20:57)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:P
refmap via4
bid 26424
misc
osvdb 20151
secunia 17281
saint via4
bid 26424
description RSA SecurID Web Agent for IIS redirect buffer overflow
id misc_rsawebagentredir
osvdb 20151
title rsa_auth_agent_redirect
type remote
Last major update 05-09-2008 - 20:57
Published 31-12-2005 - 05:00
Last modified 05-09-2008 - 20:57