CVE-2015-0523

EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allow remote attackers to cause an Administration Server denial of service via an invalid MIME e-mail message with a multipart/* Content-Type header.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html	Third Party Advisory VDB Entry
http://seclists.org/bugtraq/2015/Mar/47	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1031912	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:emc:rsa_certificate_manager::::::::
	cpe:2.3:a:emc:rsa_registration_manager::::::::

History

No history.

Information

Published : 2015-03-12 10:59

Updated : 2024-02-28 12:20

NVD link : CVE-2015-0523

Mitre link : CVE-2015-0523

CVE.ORG link : CVE-2015-0523

JSON object : View

Products Affected

emc

rsa_certificate_manager
rsa_registration_manager

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2015-0523", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-03-12T10:59:02.567", "references": [{"url": "http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "http://seclists.org/bugtraq/2015/Mar/47", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}, {"url": "http://www.securitytracker.com/id/1031912", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allow remote attackers to cause an Administration Server denial of service via an invalid MIME e-mail message with a multipart/* Content-Type header."}, {"lang": "es", "value": "EMC RSA Certificate Manager (RCM) anterior a 6.9 build 558 y RSA Registration Manager (RRM) anterior a 6.9 build 558 permiten a atacantes remotos causar una denegaci\u00f3n de servicio del servidor de administraci\u00f3n a trav\u00e9s de un mensaje de email MIME inv\u00e1lido con una cabecera de tipo de contenido multipart/*."}], "lastModified": "2016-08-24T19:26:26.800", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:emc:rsa_certificate_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2BBC4AF-AEBD-4984-895A-01D74D46BC5E", "versionEndIncluding": "6.8"}, {"criteria": "cpe:2.3:a:emc:rsa_registration_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A89084BC-DA10-4A92-86F3-B6F72EA07330", "versionEndIncluding": "6.8"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}