Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Open redirect vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258 for Web for IIS, when accessed via certain browsers such as Mozilla Firefox, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an ftp URL in the url parameter to a Redirect action.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
RSA Authentication Agent URI Redirection Vulnerability
Vulnerability Description
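RSA Authentication Agent is a very popular dynamic authentication tool that controls access to corporate networks, web-based applications, and operating systems. An input validation vulnerability exists in how RSA Authentication Agent handles the URL parameter, and remote attackers may exploit it to carry out phishing attacks. When RSA Authentication Agent accesses a specially crafted URL, the server-side script /WebID/IISWebAgentIF.dll filters only url parameters that use the http:// and https:// protocols and does not filter URL parameters that use the FTP or Gopher protocols. If an attacker has uploaded a forged login page to an FTP server that allows anonymous connections, users may be redirected to an arbitrary page, which helps the attacker carry out phishing.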
CVSS Information
N/A
Vulnerability Type
N/A
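The following added example (not RSA's code and not part of the original record) contrasts a scheme denylist of the kind the description outlines with an allowlist check for a redirect target. It assumes "filtered" means rejected; `ALLOWED_HOSTS`, the function names and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts this deployment may legitimately redirect to.
ALLOWED_HOSTS = {"portal.example.com"}

def denylist_check(target: str) -> bool:
    """Flawed filter as described: reject only http:// and https:// targets."""
    return not target.strip().lower().startswith(("http://", "https://"))

def allowlist_check(target: str) -> bool:
    """Accept a rooted same-site path, or an https URL to an allowed host."""
    # Reject backslashes, control characters and padding that browsers normalize.
    if target != target.strip() or any(c == "\\" or ord(c) < 0x20 for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: "/path" is fine, "//host/path" is scheme-relative.
        return target.startswith("/") and not target.startswith("//")
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS

# Constructed sample values for the url parameter (not taken from the advisory).
SAMPLES = [
    "/WebID/protected/index.html",
    "https://portal.example.com/home",
    "http://untrusted.example.net/login.html",
    "ftp://untrusted.example.net/login.html",
    "gopher://untrusted.example.net/1/login",
    "//untrusted.example.net/login.html",
]

def compare(samples=SAMPLES):
    """Return {target: (denylist_result, allowlist_result)} for each sample."""
    return {t: (denylist_check(t), allowlist_check(t)) for t in samples}

if __name__ == "__main__":
    for target, (weak, strict) in compare().items():
        print(f"{target:45} denylist={weak!s:5} allowlist={strict}")
```

The ftp, gopher and scheme-relative samples pass the denylist but fail the allowlist, which is the gap the description attributes to the agent's filter.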