RSA Certificate Manager: False positives reported by customers and internal scanners

Issue

RSA Certificate Manager: False positives reported by customers and internal scanners
CVE Identifier(s):

CVE-2004-0700, CVE-2004-0488, CVE-2004-0492, CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005, CVE-2008-0455, CVE-2008-0456, CVE-2009-2412, CVE-2010-0010
Apache vulnerabilities (CERTMGR-3942)

Cause

Cenzic Hailstorm, Nessus, and Qualys report several warnings and alerts when they scan RSA Certificate Manager. Several of these alerts are false positives: they do not indicate vulnerabilities, but normal behaviors that matched the scanner's signatures and triggered its alerts.

Resolution

RSA's responses to this security alert are outlined below:



Internal Comments

UserName:vamato
2/21/2012 3:26:01 PM - CERTMGR-4030
CERTMGR-4030


Product Details

RSA Certificate Manager 6.8
Qualys
Nessus
SAINT
IBM Appscan
Hailstorm
THIS SOLUTION IS FOR INTERNAL USE ONLY - DO NOT DISTRIBUTE