RSA Certificate Manager: Customer reported and internal scanners reported False Positives
Issue
CVE Identifier(s):
CVE-2004-0700, CVE-2004-0488, CVE-2004-0492, CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005, CVE-2008-0455, CVE-2008-0456, CVE-2009-2412, CVE-2010-0010
Apache vulnerabilities (CERTMGR-3942)
Cause
Cenzic Hailstorm, Nessus and Qualys report several warnings and alerts when they scan RSA Certificate Manager. Several of these alerts are false positives - that is, they do not indicate vulnerabilities, but normal behaviors that matched the scanner's signatures and triggered its alerts.
Resolution
RSA's responses to this security alert are outlined below. Each entry lists the reported vulnerability component, the component version, the CVE ID (if any), the impact statement and the technical details.

- Reported Vulnerability Component: Apache mod_proxy is vulnerable
- Component Version:
- CVE ID: CVE-2004-0492, CVE-2010-0010, CVE-2011-3348, CVE-2011-4317
- Impact Statement: False Positive
- Technical Details:
CVE-2004-0492: Affected module: mod_proxy. The module, mod_proxy, is not used by RSA Certificate Manager and RSA Registration Manager; therefore this vulnerability is not applicable to RSA CM and RSA RM.
CVE-2010-0010: Affected module: mod_proxy. The module, mod_proxy, is not used by RSA CM and RSA RM; therefore this vulnerability is not applicable to RSA CM and RSA RM (see Primus Apache vulnerabilities shown in RCM/RRM 6.7 and 6.8 - points #7, #10).
CVE-2011-3348: Affected module: mod_proxy. The module, mod_proxy, is not used by RSA Certificate Manager and RSA Registration Manager; therefore this vulnerability is not applicable to RSA CM and RSA RM.
CVE-2011-4317: Affected module: mod_proxy. The module, mod_proxy, is not used by RSA Certificate Manager and RSA Registration Manager; therefore this vulnerability is not applicable to RSA CM and RSA RM.

- Reported Vulnerability Component: Apache buffer overflow in mod_ssl 2.8.10
- Component Version:
- CVE ID: CVE-2004-0488
- Impact Statement: False Positive
- Technical Details: Affected module: mod_ssl. This is a very old issue and is already patched in RSA Certificate Manager. We do not use the function mentioned in the CVE details. This is not applicable to RSA CM.

- Reported Vulnerability Component: Apache mod_ssl format string problem in mod_proxy hook
- Component Version:
- CVE ID: CVE-2004-0700
- Impact Statement: False Positive
- Technical Details: Affected module: mod_proxy. This vulnerability does not apply to RSA Certificate Manager, as it is not compiled with mod_proxy (see Primus Apache vulnerabilities shown in RCM/RRM 6.7 and 6.8 - point #9; also see Primus KCA Apache web server showing security vulnerability with scan due to patch level/version).

- Reported Vulnerability Component: Potentially vulnerable Apache version: 1.3.39
- Component Version:
- CVE ID: CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005, CVE-2008-0455, CVE-2008-0456, CVE-2009-2412
- Impact Statement: False Positive
- Technical Details:
CVE-2007-5000: Affected module: mod_imap. This vulnerability does not apply to RSA Certificate Manager, as it is not compiled with mod_imap (see Primus Apache vulnerabilities shown in RCM/RRM 6.7 and 6.8 - points #1, #5, #8).
CVE-2007-6388: Affected module: mod_status. This vulnerability does not apply to RSA Certificate Manager, as mod_status is disabled by default (see Primus Apache vulnerabilities shown in RCM/RRM 6.7 and 6.8 - points #4, #6, #9).
CVE-2007-6421: Affected module: mod_proxy_balancer. The module, mod_proxy_balancer, is not used by RSA Certificate Manager and RSA Registration Manager; therefore this vulnerability is not applicable to RSA CM and RSA RM.
CVE-2007-6422: Affected module: mod_proxy_balancer. The module, mod_proxy_balancer, is not used by RSA CM and RSA RM; therefore this vulnerability is not applicable to RSA CM and RSA RM.
CVE-2008-0005: Affected module: mod_proxy_ftp. The module, mod_proxy_ftp, is not used by RSA CM and RSA RM; therefore this vulnerability is not applicable to RSA CM and RSA RM.
CVE-2008-0455: Affected module: mod_negotiation. This is only relevant if an attacker can upload files with arbitrary names but not with arbitrary contents. This issue was not considered a security issue by the Apache Security Team and so is not considered a security issue for RSA CM.
CVE-2008-0456: Affected module: mod_negotiation. This is only relevant if an attacker can upload files with arbitrary names but not with arbitrary contents. This issue was not considered a security issue by the Apache Security Team and so is not considered a security issue for RSA CM.
CVE-2009-2412: APR libraries. This issue is not applicable to Apache 1.3; hence this vulnerability is not applicable to RSA CM and RSA RM.
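The responses above all rest on one check: whether the module a CVE concerns is actually built into, or loaded by, the Apache binary that RSA CM ships. The script below is an added example, not code from this article or from RSA, that automates that check for a scanner's CVE list. It parses a constructed `httpd -l` listing (Apache 1.3 prints its compiled-in modules with that flag) and a constructed httpd.conf fragment, maps each CVE to the component named in the table above, and marks a finding not applicable when that component is neither compiled in nor loaded as a DSO, or, for the APR CVE, when the server is Apache 1.x. The sample outputs, the `CVE_COMPONENTS` table and the `mod_<name>` derivation from `LoadModule <name>_module` lines are assumptions made for the example; a CVE whose component is present is left for manual review, which is where the mod_ssl and mod_negotiation rationales in the table belong.

```python
"""Triage scanner CVE findings against the Apache modules actually present.

Added example; not code from the RSA knowledge base article or from RSA.
Encodes the article's reasoning: a CVE in a module that is not compiled in
(and not loaded as a DSO) does not apply, and the APR CVE does not apply to
Apache 1.x because Apache 1.x does not use APR.
"""
import re

# Constructed sample of `httpd -l` output (Apache 1.3 lists compiled-in modules).
SAMPLE_HTTPD_L = """\
Compiled-in modules:
  http_core.c
  mod_env.c
  mod_log_config.c
  mod_mime.c
  mod_negotiation.c
  mod_status.c
  mod_dir.c
  mod_access.c
  mod_auth.c
  mod_ssl.c
"""

# Constructed httpd.conf fragment: one live LoadModule and one commented out.
SAMPLE_HTTPD_CONF = """\
# constructed fragment, not a real RSA CM configuration
LoadModule rewrite_module libexec/mod_rewrite.so
#LoadModule proxy_module libexec/libproxy.so
"""

# CVE -> affected component, as named in the article's technical details.
CVE_COMPONENTS = {
    "CVE-2004-0488": "mod_ssl",
    "CVE-2004-0492": "mod_proxy",
    "CVE-2004-0700": "mod_proxy",
    "CVE-2007-5000": "mod_imap",
    "CVE-2007-6388": "mod_status",
    "CVE-2007-6421": "mod_proxy_balancer",
    "CVE-2007-6422": "mod_proxy_balancer",
    "CVE-2008-0005": "mod_proxy_ftp",
    "CVE-2008-0455": "mod_negotiation",
    "CVE-2008-0456": "mod_negotiation",
    "CVE-2009-2412": "apr",
    "CVE-2010-0010": "mod_proxy",
    "CVE-2011-3348": "mod_proxy",
    "CVE-2011-4317": "mod_proxy",
}

# Components that Apache 1.x does not contain at all (per the article: APR).
NOT_IN_APACHE1 = {"apr"}


def parse_compiled_modules(httpd_l_output):
    """Return the module names (without '.c') listed by `httpd -l`."""
    modules = set()
    for line in httpd_l_output.splitlines():
        match = re.match(r"\s*([A-Za-z0-9_]+)\.c\s*$", line)
        if match:
            modules.add(match.group(1))
    return modules


def parse_loadmodule(httpd_conf):
    """Return modules loaded as DSOs via active (uncommented) LoadModule lines.

    Assumption: Apache's usual '<name>_module' identifier maps to 'mod_<name>'.
    """
    loaded = set()
    for line in httpd_conf.splitlines():
        match = re.match(r"\s*LoadModule\s+([A-Za-z0-9_]+)_module\s+\S+", line)
        if match:
            loaded.add("mod_" + match.group(1))
    return loaded


def apache_major(version):
    """'1.3.39' -> 1; rejects anything that is not a dotted numeric version."""
    match = re.fullmatch(r"(\d+)\.\d+(?:\.\d+)?", version.strip())
    if not match:
        raise ValueError(f"unrecognised Apache version: {version!r}")
    return int(match.group(1))


def triage(findings, httpd_l_output, httpd_conf, server_version):
    """Map each reported CVE to ('not applicable' | 'review', reason)."""
    present = parse_compiled_modules(httpd_l_output) | parse_loadmodule(httpd_conf)
    major = apache_major(server_version)
    verdicts = {}
    for cve in findings:
        component = CVE_COMPONENTS.get(cve)
        if component is None:
            verdicts[cve] = ("review", "no component mapping; triage manually")
        elif major == 1 and component in NOT_IN_APACHE1:
            verdicts[cve] = ("not applicable", f"{component} is not part of Apache 1.x")
        elif component not in present:
            verdicts[cve] = ("not applicable", f"{component} is neither compiled in nor loaded")
        else:
            verdicts[cve] = ("review", f"{component} is present; confirm it is enabled and patched")
    return verdicts


if __name__ == "__main__":
    reported = ["CVE-2004-0492", "CVE-2004-0488", "CVE-2007-6388", "CVE-2009-2412"]
    for cve, (verdict, why) in triage(reported, SAMPLE_HTTPD_L, SAMPLE_HTTPD_CONF, "1.3.39").items():
        print(f"{cve}: {verdict} ({why})")
```

On a real host, replace the two constructed strings with the output of `httpd -l` and the contents of the active httpd.conf; a "review" verdict is the cue to apply the per-module rationale the table gives (patch level for mod_ssl, default-disabled state for mod_status) rather than to accept or dismiss the finding outright.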
Internal Comments
UserName: vamato, 2/21/2012 3:26:01 PM - CERTMGR-4030
Product Details
RSA Certificate Manager 6.8
Qualys
Nessus
SAINT
IBM Appscan
Hailstorm
THIS SOLUTION IS FOR INTERNAL USE ONLY - DO NOT DISTRIBUTE