EMC RSA Authentication Manager Multiple Vulnerabilities Fixed by 8.1 SP1 Patch 14


Description   Several vulnerabilities were reported in EMC RSA Authentication Manager:
- CVE-2016-0900 and CVE-2016-0901: multiple cross-site scripting vulnerabilities
- CVE-2016-0902: HTTP response splitting by injecting carriage return and line feed characters in the HTTP response headers.
     
Vulnerable Products   Vulnerable Software:
RSA Authentication Manager (EMC) - 7.1, 7.1 SP1, 7.1 SP2, 7.1 SP3, 7.1 SP4, 8.0, 8.1
     
Solution   EMC has released version 8.1 SP1 Patch 14 of RSA Authentication Manager which fixes these vulnerabilities.
     
CVE   CVE-2016-0902
CVE-2016-0901
CVE-2016-0900
     
References   - ESA-2016-051: Patch 14 for RSA® Authentication Manager 8.1 SP1 to Address Multiple Vulnerabilities
http://seclists.org/bugtraq/2016/May/att-23/ESA-2016-051.txt
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm                                                                          Available Since
HTTP Request Smuggling : HTTP command found in header                                     3.2.0
HTTP Request Smuggling : Content-Length and Transfer-Encoding: chunked fields in header   3.2.0
HTTP Request Smuggling : suspicious syntax using HTTP keyword                             3.2.0
HTTP Request Smuggling : multiple Content-Length fields                                   3.2.0
     
Risk level   Low

Vulnerability First Public Report Date   2016-05-04

Target Type   Server

Possible exploit   Remote