CVE-2005-4734
CVE-2005-4734 is a medium-severity vulnerability in Rsa Authentication Agent For Web with a CVSS 2.0 base score of 6.4. Its EPSS exploit-prediction score of 54% places it in the 99th percentile, indicating an elevated likelihood of exploitation.
Key facts
- Severity: Medium (CVSS 2.0 base score 6.4)
- EPSS exploit prediction: 54% (99th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Rsa Authentication Agent For Web
- Published:
- Last modified:
Description
Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method.
Frequently asked questions
- What is CVE-2005-4734?
- Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method.
- How severe is CVE-2005-4734?
- CVE-2005-4734 has a CVSS 2.0 base score of 6.4, rated medium severity.
- Is CVE-2005-4734 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 54% (99th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2005-4734?
- CVE-2005-4734 primarily affects Rsa Authentication Agent For Web. In total, 2 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2005-4734?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2005-4734 published?
- CVE-2005-4734 was published on 2005-12-31 and last updated on 2026-06-16.
References
- http://secunia.com/advisories/17281
- http://www.metasploit.com/projects/Framework/exploits.html#rsa_iiswebagent_redirect
- http://www.osvdb.org/20151
- http://www.securityfocus.com/bid/26424
- https://knowledge.rsasecurity.com/dlcpages/rsa_securid/securid_dlc_aaweb.asp
Affected products (2)
- cpe:2.3:a:rsa:authentication_agent_for_web:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:rsa:authentication_agent_for_web:5.3:*:*:*:*:*:*:*
More vulnerabilities in Rsa Authentication Agent For Web
- CVE-2017-14377 — Critical (CVSS 9.8): EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for Web: Apache Web…
- CVE-2018-1232 — High (CVSS 7.5): RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a…
- CVE-2018-1233 — Medium (CVSS 6.1): RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are affected by a…
- CVE-2018-1234 — Medium (CVSS 5.5): RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list…
- CVE-2010-3261 — Medium (CVSS 5.0): Directory traversal vulnerability in RSA Authentication Agent 7.0 before P2 for Web allows remote attackers to read…
- CVE-2005-3329 — Medium (CVSS 4.3): Cross-site scripting (XSS) vulnerability in RSA Authentication Agent for Web 5.3 and earlier allows remote attackers to…