RSA Authentication Agent for Web for Apache 8.x < 8.0.1 Build 618 Filter Bypass

Nessus Plugin ID 105413 (Critical)

Synopsis

The remote host has an authentication agent installed that is affected by an authentication bypass vulnerability.

Description

The version of RSA Authentication Agent for Web for Apache installed on the remote host is 8.x prior to 8.0.1 Build 618. It is, therefore, potentially affected by an unspecified authentication bypass vulnerability.

Solution

Upgrade to RSA Authentication Agent for Web for Apache 8.0.1 Build 618 or later.

See Also

https://seclists.org/fulldisclosure/2017/Nov/46

Plugin Details

Severity: Critical

ID: 105413

File Name: rsa_authentication_agent_for_web_apache_80.nasl

Version: 1.5

Type: local

Family: Misc.

Published: 12/21/2017

Updated: 11/8/2019

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-14377

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:rsa:authentication_agent_for_web

Required KB Items: Settings/ParanoidReport, installed_sw/RSA Authentication Agent for Web for Apache

Exploit Ease: No known exploits are available

Patch Publication Date: 11/16/2017

Vulnerability Publication Date: 11/29/2017

Reference Information

CVE: CVE-2017-14377

BID: 101980