Internet Information Services

ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability

RSA Authentication Agent for Microsoft Windows 7.1

RSA SecurID Authentication Agent 7.1 for Web for Apache Web Server

RSA SecurID Authentication Agent 7.1 for Web for Internet Information Services

 

Summary:  


ESA-2013-031: RSA® Authentication Agent Cross-Site Scripting (XSS) Vulnerability

 

Affected Products:

    RSA® Authentication Agent 7.1 for Web for Internet Information Services
    RSA® Authentication Agent 7.1 for Web for Apache

 

Summary: 

PR07-44: XSS on RSA Authentication Agent login page

Vendor informed: 13th December 2007

Severity: Medium-high

Successfully tested on: RSA Authentication Agent 5.3.0.258 for Web for
Internet Information Services


Description:

RSA Authentication Agent is vulnerable to a vanilla XSS on the login page.

[security bulletin] HPSBST02314 SSRT080016 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-003 to MS08-013

 ------------------------------------------------- 
MS Patch - MS08-004 Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456) 
Analysis - SMA does not have this component. Patch will not run successfully.
Action - Customers should not be concerned with this issue
 ------------------------------------------------- 
MS Patch - MS08-005 Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831) 
Analysis - Possible security issue exists. Patch will run successfully.
Action - For SMA v2.1, customers should download patch from Microsoft and install.
 ------------------------------------------------- 
MS Patch - MS08-006 Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830) 
Analysis - SMA does not have this component. Patch will not run successfully.

PR07-43: Cross-domain redirect on RSA Authentication Agent

Vendor informed: 13th December 2007

Severity: Medium-low

Successfully tested on: RSA Authentication Agent 5.3.0.258 for Web for
Internet Information Services in conjunction with Mozilla Firefox 2.0.0.11


Description:

A remote URI redirection vulnerability affects the RSA Authentication

ESA-2010-017: RSA, The Security Division of EMC, announces a security update for RSA Authentication Agent 7.0 for Web, which addresses a potential directory traversal vulnerability

contain more detailed information about the specific security fix in these
releases.

Affected Products:
RSA Authentication Agent 7.0 for Web for Apache Web Server
RSA Authentication Agent 7.0 for Web for Internet Information Services

Recommendation:
RSA strongly recommends that all customers running earlier versions of RSA
Authentication Agent for Web upgrade to the latest patch versions. RSA
Authentication Agent 7.0 P2 for Web is available for download from

[ MDVSA-2010:089 ] gnutls

 Problem Description:

 Multiple vulnerabilities have been found and corrected in gnutls:
 
 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as
 used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl
 in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l,
 GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS)
 3.12.4 and earlier, and other products, does not properly associate
 renegotiation handshakes with an existing connection, which allows
 man-in-the-middle attackers to insert data into HTTPS sessions,

[ MDVSA-2010:069 ] nss

 Problem Description:

 A vulnerability has been found and corrected in nss:
 
 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as
 used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl
 in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l,
 GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS)
 3.12.4 and earlier, and other products, does not properly associate
 renegotiation handshakes with an existing connection, which allows
 man-in-the-middle attackers to insert data into HTTPS sessions,

[ MDVSA-2009:337 ] proftpd

 Problem Description:

 A vulnerability has been identified and corrected in proftpd:
 
 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as
 used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl
 in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l,
 GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS)
 3.12.4 and earlier, and other products, does not properly associate
 renegotiation handshakes with an existing connection, which allows
 man-in-the-middle attackers to insert data into HTTPS sessions,

Microsoft IIS 0Day Vulnerability in Parsing Files (semi-colon bug)

############################################################
Microsoft IIS 0Day Vulnerability in Parsing Files (semi-colon bug)
############################################################
#Application: Microsoft Internet Information Services - IIS (All versions)
#Impact: Highly Critical for Web Applications
#Finding Date: April 2007
#Report Date: Dec. 2009
#Found by: Soroush Dalili (Irsdl {4t] yahoo [d0t} com)
#Website: Soroush.SecProject.com
#Weblog: Soroush.SecProject.com/blog/

Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin

it seems Microsoft doesn't want to patch the vulnerabilities I posted
back in June,
at least not in the July update.

The posting included some important bugs in the Internet Information
Services, one of their
flagship products:
http://seclists.org/fulldisclosure/2012/Jun/189

The July Security Bulletin doesn't mention any bug.
http://technet.microsoft.com/en-us/security/bulletin/ms12-jul



Copyright © 1995-2013 LinuxRocket.net. All rights reserved.
