000019991 - HTML Tags Embedded in Client Web Requests in cross site scripting

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000019991
Applies ToRSA ACE/Agent 5.2 for Web
Sun Solaris 2.8
Sun Solaris 2.9
Microsoft Windows Server 2003
Red Hat Linux
CERT? Advisory CA-2000-02 Malicious HTML Tags Embedded in Client Web Requests
Rapid7 Advisory R7-0014
IssueHTML Tags Embedded in Client Web Requests in cross site scripting
CauseCA-2000-02 and Rapid7 Advisory R7-0014 discuss how a Web site may inadvertently include malicious HTML tags or script in a dynamically generated page based on unvalidated input from untrustworthy sources.
ResolutionPatches are available from RSA Security that modify the behavior of the Apache ACE/Agent and RSA ACE/Agent 5.0 for Windows such that they filter malicious characters which allow cross-site scripting to take place. The patches are available RSA Security SecurCare Online on for both RSA ACE/Agent 5.1.1 for Web & RSA ACE/Agent 5.0 for Web and  RSA ACE/Agent 5.0.1 for Windows

A patch for RSA Agent 5.2 for Web on request from RSA Security Customer Support quoting tst00042376

Legacy Article IDa13668

Attachments

    Outcomes