Summary
This host has Request Tracker installed and is prone to a cross-site request forgery vulnerability.
Impact
Successful exploitation will allow attackers to execute arbitrary code with the permissions of the web server.
Impact Level: Application
Solution
Upgrade to RT (Request Tracker) version 3.8.10 or 4.0.0rc8.
For updates, refer to http://www.bestpractical.com/rt/
Insight
The flaw is caused by an error in the external custom field feature, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
Affected
RT (Request Tracker) versions 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7.
References
Severity
Classification
- CVE: CVE-2011-1685
- CVSS Base Score: 4.6
- CVSS Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P