Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 up to and including 3.6.9 and 3.8.x up to and including 3.8.5 allows remote malicious users to hijack web sessions by setting the session identifier via a manipulation that leverages "HTTP access to the RT server," a related issue to CVE-2009-3585.

Vulnerable Product |
---|
bestpractical rt 3.0.1 |
bestpractical rt 3.0.6 |
bestpractical rt 3.0.7 |
bestpractical rt 3.2.2 |
bestpractical rt 3.4.0 |
bestpractical rt 3.6.0 |
bestpractical rt 3.6.1 |
bestpractical rt 3.8.4 |
bestpractical rt 3.8.3 |
bestpractical rt 3.0.10 |
bestpractical rt 3.0.11 |
bestpractical rt 3.0.7.1 |
bestpractical rt 3.0.8 |
bestpractical rt 3.4.1 |
bestpractical rt 3.4.2 |
bestpractical rt 3.6.2 |
bestpractical rt 3.6.3 |
bestpractical rt 3.8.0 |
bestpractical rt 3.8.1 |
bestpractical rt 3.0.12 |
bestpractical rt 3.0.2 |
bestpractical rt 3.0.9 |
bestpractical rt 3.2.0 |
bestpractical rt 3.4.3 |
bestpractical rt 3.4.4 |
bestpractical rt 3.6.4 |
bestpractical rt 3.6.5 |
bestpractical rt 3.8.2 |
bestpractical rt 3.8.5 |
bestpractical rt 3.0.3 |
bestpractical rt 3.0.4 |
bestpractical rt 3.0.5 |
bestpractical rt 3.2.1 |
bestpractical rt 3.2.3 |
bestpractical rt 3.4.5 |
bestpractical rt 3.4.6 |
bestpractical rt 3.6.6 |
bestpractical rt 3.6.7 |
bestpractical rt 3.6.8 |
bestpractical rt 3.6.9 |