RSA Keon Certificate Authority 6.5.1
Sun Solaris 2.8
McAfee Foundstone Enterprise
The customer recently scanned all of their Operational Environment (OE) servers for vulnerabilities using McAfee Foundstone Enterprise. Vulnerabilities were identified on the KCA and KRA.
The KCA Apache web server is flagged by the scan as vulnerable because of its patch level/version.
The customer's scanning tools report that the Apache web server is running a patch level/version that contains a security vulnerability.
HTTP Smuggling
==============
As per the reports, Apache is vulnerable only if it is configured as a proxy.
RCM/RRM are not compiled with mod_proxy. Hence, RCM and RRM are not susceptible to the HTTP smuggling attack.
Memory Segment Overwriting
==========================
We referred to the CVE link and to our CC Vulnerability Assessment document for KCA 6.5. The following is the excerpt from its footnotes:
-----------------------------------------------------------------------------
The file at <http://www.apache.org/dist/httpd/CHANGES_1.3> describes Apache's fix for this vulnerability (search for CAN-2002-0839). The ShmemUIDisUser directive was added because now, by default, "Apache will no longer set the uid/gid of SysV shared memory scoreboard to User/Group, and it will therefore stay the uid/gid of the parent Apache process."
ShmemUIDisUser was added to allow some installations to preserve the old (vulnerable) behavior. The documentation for ShmemUIDisUser (http://httpd.apache.org/docs/mod/core.html#shmemuidisuser) states that "This directive has no effect on non-System V based scoreboards, such as mmap." In the Apache source code, the file src/include/ap_config.h defines the system-dependent parameters for building Apache. Under the definition for SOLARIS2 is the line:
#define HAVE_MMAP 1
This means that Solaris uses mmap scoreboards, rather than SysV scoreboards.
Other platforms that use mmap scoreboards in Apache include Linux and Win32.
----------------------------------------------------------------------
Hence, RCM and RRM are not susceptible to this attack either.
Apache Redirects and Subrequests Denial-of-Service
==================================================
RCM 6.5.1 uses Apache version 1.3.26, and the RCM 6.5.1 Apache server is still vulnerable to this attack. The customer needs to upgrade to version 6.6 or above.
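To verify the three conclusions above on a given host rather than trusting the scanner's version banner, the following helper (added here, not part of the RSA article or product) reads the output of `httpd -l` (modules compiled into the binary) and `httpd -V` (version and compile-time defines) and reports exposure per finding; it assumes the Apache 1.3 output format and uses constructed sample output.

```shell
#!/bin/sh
# Added triage helper, not part of the RSA article or product: classifies the
# three scan findings above from the output of `httpd -l` (modules compiled into
# the binary) and `httpd -V` (version and compile-time defines) of Apache 1.3.
# Assumption: `httpd -V` lists defines as " -D NAME" lines, as Apache 1.3 does.

# Is the named module compiled in? (exit 0 = yes). Note: modules loaded as
# DSOs via LoadModule in httpd.conf do not appear here; check the config too.
has_module() {
    printf '%s\n' "$1" | grep -q "^ *$2\.c\$"
}

# Is a compile-time define (e.g. USE_MMAP_SCOREBOARD) present in -V output?
has_define() {
    printf '%s\n' "$1" | grep -qE "^ *-D $2"'( |=|$)'
}

# Extract "1.3.26" from a "Server version: Apache/1.3.26 (Unix)" line.
apache_version() {
    printf '%s\n' "$1" | sed -n 's/^Server version: Apache\/\([0-9.]*\).*/\1/p'
}

# One line per finding, in the order the article discusses them.
triage() {
    modules=$1; settings=$2
    if has_module "$modules" mod_proxy; then
        echo "http-smuggling: mod_proxy present, review ProxyRequests/ProxyPass"
    else
        echo "http-smuggling: not exposed (no mod_proxy)"
    fi
    if has_define "$settings" USE_MMAP_SCOREBOARD; then
        echo "scoreboard (CAN-2002-0839): not exposed (mmap scoreboard)"
    else
        echo "scoreboard (CAN-2002-0839): SysV scoreboard, check ShmemUIDisUser"
    fi
    echo "version: $(apache_version "$settings") (1.3.26 remains exposed to the redirect/subrequest DoS; upgrade RCM to 6.6+)"
}

# Constructed sample output for a Solaris build like the one described.
SAMPLE_L='Compiled-in modules:
  http_core.c
  mod_so.c
  mod_ssl.c'
SAMPLE_V='Server version: Apache/1.3.26 (Unix)
Server compiled with....
 -D HAVE_MMAP
 -D USE_MMAP_SCOREBOARD'

triage "$SAMPLE_L" "$SAMPLE_V"
```

On a real host, replace the two sample strings with `"$(httpd -l)"` and `"$(httpd -V)"` from the RCM/RRM Apache binary.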
Other articles on related vulnerability findings:
Apache vulnerability 'Apache HTTP Server mod_rewrite' from scan - "Mod alias/mod rewrite"
Scan of RSA Certificate Manager 6.7 shows vulnerabilities with Apache 1.3.33 - "SSLVerifyClient Bypass Restrictions", "mod_ssl ssl_engine_ext Format String Error", "Cross Scripting"
Has RSA Security addressed possible vulnerabilities detected on Keon Certificate Authority 6.5.1 by Nessus Security Scanner? - "Web Server Supports Outdated SSLv2 Protocol"