EMC RSA Authentication Manager CRLF Injection Vulnerability (CVE-2016-0902)
Release date:
Updated on:
Affected Systems:
EMC RSA Authentication Manager < 8.1 SP1 P14
Description:
CVE (CAN) ID: CVE-2016-0902
RSA Authentication Manager is the platform behind RSA SecurID. It allows you to centrally manage the RSA SecurID environment across multiple physical sites, including authentication methods, users, applications, and proxies.
Versions of RSA Authentication Manager earlier than 8.1 SP1 P14 contain a CRLF (carriage return / line feed) injection vulnerability in the HTTP response header, which allows attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
<* Source: RSA *>
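The vulnerability class described above, shown as an added example that is not RSA's code and does not reproduce the product's actual vector (the advisory does not state one). The redirect path, the X-Injected header name and all function names are constructed for illustration; the point is that a header value must be rejected, not copied, when it contains CR or LF.

```python
from urllib.parse import unquote


class HeaderInjectionError(ValueError):
    """Raised when a header value contains CR, LF or NUL."""


def build_response_unsafe(location: str) -> bytes:
    # Vulnerable pattern: a request-derived value is copied straight into a header.
    head = "HTTP/1.1 302 Found\r\nLocation: " + location + "\r\nContent-Length: 0\r\n\r\n"
    return head.encode("latin-1")


def safe_header_value(value: str) -> str:
    # Reject rather than strip: CR, LF and NUL are never legitimate in a header value.
    if any(ch in value for ch in ("\r", "\n", "\x00")):
        raise HeaderInjectionError("CR/LF/NUL in header value")
    return value


def build_response_safe(location: str) -> bytes:
    # Hardened pattern: validate the value before it reaches the header block.
    head = ("HTTP/1.1 302 Found\r\nLocation: " + safe_header_value(location)
            + "\r\nContent-Length: 0\r\n\r\n")
    return head.encode("latin-1")


def header_names(raw: bytes) -> list:
    # Read the header block the way a client or cache would: split on CRLF.
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


# Constructed sample inputs (hypothetical path): one benign value and one
# carrying a percent-encoded CRLF, as the server sees them after URL decoding.
BENIGN = unquote("/home")
TAINTED = unquote("/home%0d%0aX-Injected: 1")

if __name__ == "__main__":
    print(header_names(build_response_unsafe(BENIGN)))
    print(header_names(build_response_unsafe(TAINTED)))
    try:
        build_response_safe(TAINTED)
    except HeaderInjectionError as exc:
        print("rejected:", exc)
```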
Suggestion:
Vendor patch:
EMC
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://seclists.org/bugtraq/2016/May/att-23/ESA-2016-051.txt