EMC RSA Authentication Manager CVE-2018-1248 Host Header Injection Vulnerability

Bugtraq ID:	104113
Class:	Input Validation Error
CVE:	CVE-2018-1248
Remote:	Yes
Local:	No
Published:	May 04 2018 12:00AM
Updated:	May 04 2018 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	EMC RSA Authentication Manager Web-tier Server 8.3 EMC RSA Authentication Manager Web-tier Server 0 EMC RSA Authentication Manager 6.1.5 EMC RSA Authentication Manager 8.3 EMC RSA Authentication Manager 8.2 SP1 Patch 7 EMC RSA Authentication Manager 8.2 SP1 Patch 6 EMC RSA Authentication Manager 8.2 SP1 Patch 5 EMC RSA Authentication Manager 8.2 SP1 Patch 4 EMC RSA Authentication Manager 8.2 SP1 Patch 2 EMC RSA Authentication Manager 8.2 SP1 Patch 1 EMC RSA Authentication Manager 8.2 SP1 EMC RSA Authentication Manager 8.2 EMC RSA Authentication Manager 8.1 SP1 Patch 14 EMC RSA Authentication Manager 8.1 Patch 6 EMC RSA Authentication Manager 8.1 EMC RSA Authentication Manager 8.0 EMC RSA Authentication Manager 7.1 EMC RSA Authentication Manager 6.1
Not Vulnerable:	EMC RSA Authentication Manager Web-tier Server 8.3 P1 EMC RSA Authentication Manager 8.3 P1

EMC RSA Authentication Manager CVE-2018-1248 Host Header Injection Vulnerability

EMC RSA Authentication Manager is prone to an host header-injection vulnerability because it fails to properly validate an HTTP request header.

A successful attack may allow attackers to insert a crafted host header to navigate the victim to the attacker's domain.

EMC RSA Authentication Manager CVE-2018-1248 Host Header Injection Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

EMC RSA Authentication Manager CVE-2018-1248 Host Header Injection Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.