Summary
This host is installed with Request Tracker and is prone to information disclosure vulnerability.
Impact
Successful exploitation will let the authenticated users to obtain sensitive information by using the search interface.
Impact Level: Application
Solution
Upgrade to RT (Request Tracker) version 3.8.10, 3.6.11 or 4.0.0rc8.
For updates refer to http://www.bestpractical.com/rt/
Insight
The flaw is caused by an error in the search interface which can be exploited to disclose certain sensitive information.
Affected
RT (Request Tracker) versions 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7.
References
Severity
Classification
-
CVE CVE-2011-1687 -
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:P/I:N/A:N
Related Vulnerabilities