CVE-2008-2027
Summary
| CVE | CVE-2008-2027 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-04-30 14:10:00 UTC |
| Updated | 2018-10-11 20:38:00 UTC |
| Description | Open redirect vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258 for Web for IIS, when accessed via certain browsers such as Mozilla Firefox, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an ftp URL in the url parameter to a Redirect action. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Rsa | Authentication Agent | 5.3.0.258 | All | All | All |
| Application | Rsa | Authentication Agent | 5.3.0.258 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| RSA Authentication Agent for Web URI Redirection Vulnerability | BID | www.securityfocus.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| ProCheckUp - Security Vulnerabilities 2008 | MISC | www.procheckup.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| SecurityReason - Cross-domain redirect on RSA Authentication Agent | SREASON | securityreason.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.