|Applies To||Keon Web Sentry 3.x, Keon Web Sentry 4.0.x, Microsoft Windows NT 4.0|
|Issue||Keon Web Sentry for Microsoft Internet Information Services (IIS) vulnerability. If ACL rules are set such that a user's certificate allows access to certain web resources, but not others, the user may be able to access the forbidden web resources.|
|Cause||The problem occurs when a user connects to a resource to which they have access and then connects to a resource to which they do not have access. In certain situations, IIS does not send the information for the second request to Web Sentry for ACL checking and allows the user to access the protected resource. Only users with valid certificates issued by a trusted CA will be able to access the site.|
|Resolution||Download and install the following patch from RSA SecurCare Online. For Keon Web Sentry 3.7, click on 3_7wspatch.zip to download the patch. For Keon Web Sentry 4.0.x, click on 4_0wspatch.zip to download the patch.|
|Legacy Article ID||a3171|