Summary
RT is prone to a session-fixation vulnerability.
Attackers can exploit this issue to hijack a user's session and gain unauthorized access to the affected application.
The issue affects RT 3.0.0 through 3.8.5.
Solution
Updates are available. Please see the references for more information.
References
Severity
Classification
CVE: CVE-2009-3585
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N