This host is installed with Request Tracker and is prone to directory traversal vulnerability.

Successful exploitation will allow attackers to access and disclose files outside of RT's root directory via directory traversal attacks. Impact Level: Application

Upgrade to RT (Request Tracker) version 3.8.10, 3.6.11 or 4.0.0rc8. For updates refer to http://www.bestpractical.com/rt/

The flaw is caused by an unspecified input validation error and can be exploited to access and disclose files outside of RT's root directory via directory traversal attacks.

RT (Request Tracker) versions 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7

• http://secunia.com/advisories/44189
• http://xforce.iss.net/xforce/xfdb/66795
• https://bugzilla.redhat.com/show_bug.cgi?id=696795

---

Updated on 2015-03-25