Summary
This host has Request Tracker installed and is prone to an unspecified security bypass vulnerability.
Impact
Successful exploitation will allow remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors.
Impact Level: Application
Solution
Upgrade to RT (Request Tracker) version 3.8.10 or 3.6.11.
For updates refer to http://www.bestpractical.com/rt/
Insight
The flaw is caused by an unspecified error and can be exploited to trick a user into sending authentication credentials to an untrusted third-party server.
Affected
RT (Request Tracker) versions 3.6.0 through 3.6.10 and 3.8.0 through 3.8.8.
Classification
- CVE: CVE-2011-1690
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N