Summary
This host is installed with Request Tracker and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow remote attackers to bypass certain security restrictions or gain knowledge of sensitive information.
Impact Level: Application
Solution
Upgrade to RT (Request Tracker) version 3.8.9 or later. For updates, refer to http://www.bestpractical.com/rt/
Insight
The flaws are caused by:
- An error when resubmitting form data, which could allow local attackers to gain unauthorized access to a user's account.
- An error when logging SQL queries during a user account transition, which could allow attackers to disclose sensitive information.
Affected
RT (Request Tracker) versions prior to 3.8.9
References
Severity
Classification
CVE: CVE-2011-1007, CVE-2011-1008
CVSS Base Score: 4.0
CVSS Base Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N