Summary
This host has Request Tracker installed and is prone to an information disclosure vulnerability.
Impact
Successful exploitation allows authenticated users to obtain sensitive information through the search interface.
Impact Level: Application
Solution
Upgrade to RT (Request Tracker) version 3.8.10, 3.6.11 or 4.0.0rc8.
For updates, refer to http://www.bestpractical.com/rt/
Insight
The flaw is caused by an error in the search interface, which can be exploited to disclose certain sensitive information.
Affected
RT (Request Tracker) versions 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7.
Severity
Classification
CVE: CVE-2011-1687
CVSS Base Score: 4.0
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N