Summary
Request Tracker is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Impact Level: Application
Solution
Upgrade to RT (Request Tracker) version 3.8.10, 3.6.11 or 4.0.0rc8.
For updates refer to http://www.bestpractical.com/rt/
Insight
- Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting SQL code.
- Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Affected
RT (Request Tracker) versions 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7.
Severity
Classification
- CVE: CVE-2011-1686, CVE-2011-1689
- CVSS Base Score: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Related Vulnerabilities
- Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
- Adobe JRun Management Console Multiple Vulnerabilities