Summary
Request Tracker is installed on this host and is prone to a cross-site request forgery vulnerability.
Impact
Successful exploitation will allow attackers to execute arbitrary code with the permissions of the web server.
Impact Level: Application
Solution
Upgrade to RT (Request Tracker) version 3.8.10 or 4.0.0rc8.
For updates refer to http://www.bestpractical.com/rt/
Insight
The flaw is caused by an error in the external custom field feature, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
Affected
RT (Request Tracker) versions 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7.
References
Severity
Classification
CVE: CVE-2011-1685
CVSS Base Score: 4.6
CVSS Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P