CVE-2013-1885

Name of the Vulnerable Software and Affected Versions Red Hat Certificate System versions 8.1 Dogtag Certificate System versions 9 and 10

Description The issue affects the token processing system, specifically allowing remote attackers to inject arbitrary web script or HTML. This is achieved by manipulating the PATH INFO to specific API endpoints, such as "/tus/" or "/tus/tus/".

Recommendations For Red Hat Certificate System version 8.1, update to a version that includes the fix for this issue. For Dogtag Certificate System versions 9 and 10, consider restricting access to the vulnerable token processing system until a patch is available. As a temporary workaround, consider disabling the tus/ and tus/tus/ endpoints to minimize the risk of exploitation.