Summary
This host has Request Tracker installed and is prone to a directory traversal vulnerability.
Impact
Successful exploitation will allow attackers to access and disclose files outside of RT's root directory via directory traversal attacks.
Impact Level: Application
Solution
Upgrade to RT (Request Tracker) version 3.8.10, 3.6.11 or 4.0.0rc8.
For updates refer to http://www.bestpractical.com/rt/
Insight
The flaw is caused by an unspecified input validation error and can be exploited to access and disclose files outside of RT's root directory via directory traversal attacks.
Affected
RT (Request Tracker) versions 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7
Severity
Classification
- CVE: CVE-2011-1688
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N