Microsoft Internet Information Services

[ MDVSA-2010:069 ] nss

 Problem Description:

 A vulnerability has been found and corrected in nss:
 
 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as
 used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl
 in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l,
 GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS)
 3.12.4 and earlier, and other products, does not properly associate
 renegotiation handshakes with an existing connection, which allows
 man-in-the-middle attackers to insert data into HTTPS sessions,

[ MDVSA-2010:089 ] gnutls

 Problem Description:

 Multiple vulnerabilities have been found and corrected in gnutls:
 
 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as
 used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl
 in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l,
 GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS)
 3.12.4 and earlier, and other products, does not properly associate
 renegotiation handshakes with an existing connection, which allows
 man-in-the-middle attackers to insert data into HTTPS sessions,

[ MDVSA-2009:337 ] proftpd

 Problem Description:

 A vulnerability has been identified and corrected in proftpd:
 
 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as
 used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl
 in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l,
 GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS)
 3.12.4 and earlier, and other products, does not properly associate
 renegotiation handshakes with an existing connection, which allows
 man-in-the-middle attackers to insert data into HTTPS sessions,

PR07-44: XSS on RSA Authentication Agent login page

Vendor informed: 13th December 2007

Severity: Medium-high

Successfully tested on: RSA Authentication Agent 5.3.0.258 for Web for
Internet Information Services


Description:

RSA Authentication Agent is vulnerable to a vanilla XSS on the login page.

PR07-43: Cross-domain redirect on RSA Authentication Agent

Vendor informed: 13th December 2007

Severity: Medium-low

Successfully tested on: RSA Authentication Agent 5.3.0.258 for Web for
Internet Information Services in conjunction with Mozilla Firefox 2.0.0.11


Description:

A remote URI redirection vulnerability affects the RSA Authentication

Microsoft IIS 0Day Vulnerability in Parsing Files (semi-colon bug)

############################################################
Microsoft IIS 0Day Vulnerability in Parsing Files (semi-colon bug)
############################################################
#Application: Microsoft Internet Information Services - IIS (All versions)
#Impact: Highly Critical for Web Applications
#Finding Date: April 2007
#Report Date: Dec. 2009
#Found by: Soroush Dalili (Irsdl {4t] yahoo [d0t} com)
#Website: Soroush.SecProject.com
#Weblog: Soroush.SecProject.com/blog/

[security bulletin] HPSBST02314 SSRT080016 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-003 to MS08-013

 ------------------------------------------------- 
MS Patch - MS08-004 Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456) 
Analysis - SMA does not have this component. Patch will not run successfully.
Action - Customers should not be concerned with this issue
 ------------------------------------------------- 
MS Patch - MS08-005 Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831) 
Analysis - Possible security issue exists. Patch will run successfully.
Action - For SMA v2.1, customers should download patch from Microsoft and install.
 ------------------------------------------------- 
MS Patch - MS08-006 Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830) 
Analysis - SMA does not have this component. Patch will not run successfully.

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
