Vulnerability CVE-2006-3894


Published: 2007-05-22   Modified: 2012-02-12

Description:
The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allows remote attackers to cause a denial of service via malformed ASN.1 objects.

Vendor: RSA
Product: Bsafe crypto-c 
Version: 6.3;
Product: Bsafe cert-c 
Version: 2.7;

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://www.kb.cert.org/vuls/id/754281
http://xforce.iss.net/xforce/xfdb/34430
http://www.vupen.com/english/advisories/2007/1945
http://www.vupen.com/english/advisories/2007/1909
http://www.vupen.com/english/advisories/2007/1908
http://www.cisco.com/en/US/products/products_security_advisory09186a0080847c5d.shtml
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5778
http://osvdb.org/35338
http://jvn.jp/cert/JVNVU%23754281/index.html
https://secure-support.novell.com/KanisaPlatform/Publishing/97/3590033_f.SAL_Public.html
http://xforce.iss.net/xforce/xfdb/34430
http://www.securitytracker.com/id?1018095
http://www.securityfocus.com/bid/24104
http://secunia.com/advisories/25399
http://secunia.com/advisories/25364
http://secunia.com/advisories/25343

Related CVE
CVE-2019-3716
RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may ob...
CVE-2019-3715
RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the ex...
CVE-2019-3711
RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrat...
CVE-2018-15782
The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if used during the quick s...
CVE-2018-11075
RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. A remote, unauthenticated malicious user, with the knowledge of a target user's anti-CSRF token, could potentially ...
CVE-2018-11074
RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by...
CVE-2018-11073
RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. A malicious Operations Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript cod...
CVE-2018-11060
RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges.

Copyright 2019, cxsecurity.com

 

Back to Top