RT Session Fixation Vulnerability Network Vulnerability

Summary

RT is prone to a session-fixation vulnerability. Attackers can exploit this issue to hijack a user's session and gain unauthorized access to the affected application. The issue affects RT 3.0.0 through 3.8.5.

Solution

Updates are available. Please see the references for more information.

References

http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000176.html
http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000177.html
http://www.bestpractical.com/rt/
http://www.securityfocus.com/bid/37162

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3585

CVSS	Base Score: 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14

Take action and discover your vulnerabilities