{"vuid":"VU#342793","idnumber":"342793","name":"RSA Keon cross-site scripting vulnerabilities","keywords":["RSA","Keon","cross-site scripting","xss","displayString","reqAttrs","CN_0","SN_1","C2","spk.xuda","add-msie-request.xuda","INFO#11011"],"overview":"The RSA KEON Registration Authority web interface contains multiple cross-site scripting (XSS) vulnerabilities.","clean_desc":"The RSA Keon Certificate Authority (CA) software is a digital certificate management system. The RSA KEON Registration Authority allows the CA to handle large numbers of certificate requests. The RSA KEON Registration Authority web interface contains multiple cross-site scripting vulnerabilities.","impact":"An attacker may be able to obtain sensitive data from the site running the RSA KEON Registration Authority software or use the vulnerability to create spoofed content.","resolution":"Upgrade\nRSA has released updates to address this issue. See https://knowledge.rsasecurity.com/ for information on obtaining fixed software.","workarounds":"","sysaffected":"","thanks":"Thanks to \nGamaSEC\n for reporting this vulnerability.","author":"This document was written by Ryan 
Giobbi.","public":["http://www.gamasec.net/english/gs07-02.html","http://www.securityfocus.com/bid/26196","http://www.frsirt.com/english/advisories/2007/3658","http://www.securitytracker.com/id?1018856","http://secunia.com/advisories/27384"],"cveids":["CVE-2007-5703"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-07-31T19:21:03Z","publicdate":"2007-10-26T00:00:00Z","datefirstpublished":"2007-10-26T14:30:12Z","dateupdated":"2007-11-14T20:34:25Z","revision":7,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"4","cam_impact":"4","cam_easeofexploitation":"18","cam_attackeraccessrequired":"10","cam_scorecurrent":"0.972","cam_scorecurrentwidelyknown":"1.242","cam_scorecurrentwidelyknownexploited":"2.322","ipprotocol":"","cvss_accessvector":"--","cvss_accesscomplexity":"--","cvss_authentication":null,"cvss_confidentialityimpact":"--","cvss_integrityimpact":"--","cvss_availabilityimpact":"--","cvss_exploitablity":null,"cvss_remediationlevel":"ND","cvss_reportconfidence":"ND","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"0","cvss_basevector":"AV:--/AC:--/Au:--/C:--/I:--/A:--","cvss_temporalscore":"0","cvss_environmentalscore":"0","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":0.972,"vulnote":null}