Summary
This host has Request Tracker installed and is prone to an unspecified security bypass vulnerability.
Impact
Successful exploitation will allow remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors.
Impact Level: Application
Solution
Upgrade to RT (Request Tracker) version 3.8.10 or 3.6.11.
For updates refer to http://www.bestpractical.com/rt/
Insight
The flaw is caused by an unspecified error and can be exploited to trick a user into sending authentication credentials to an untrusted third-party server.
Affected
RT (Request Tracker) versions 3.6.0 through 3.6.10 and 3.8.0 through 3.8.8.
Severity
Classification
CVE: CVE-2011-1690
CVSS Base Score: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Adobe JRun Management Console Multiple Vulnerabilities
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
- @Mail WebMail Email Body HTML Injection Vulnerability
- Apache Struts2/XWork Remote Command Execution Vulnerability