Summary
Request Tracker is prone to an information-disclosure vulnerability because it fails to securely store passwords.
Successful attacks can allow a local attacker to gain access to the stored passwords.
Request Tracker 3.6.x and 3.8.x are affected
other versions may also
be vulnerable.
Solution
Updates are available. Please see the references for details.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-0009 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
- Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- /doc directory browsable ?
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities