Published: 09/03/2015 Updated: 23/08/2016

CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6

VMScore: 632

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

The email gateway in RT (aka Request Tracker) 3.0.0 up to and including 4.x prior to 4.0.23 and 4.2.x prior to 4.2.10 allows remote malicious users to cause a denial of service (CPU and disk consumption) via a crafted email.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian debian linux 7.0
fedoraproject fedora 22
fedoraproject fedora 21
bestpractical request tracker 3.8.16
bestpractical request tracker 3.8.17
bestpractical request tracker 4.0.0
bestpractical request tracker 4.0.1
bestpractical request tracker 4.0.14
bestpractical request tracker 4.0.15
bestpractical request tracker 4.0.16
bestpractical request tracker 4.0.17
bestpractical request tracker 4.0.18
bestpractical request tracker 4.2.8
bestpractical request tracker 4.2.9
bestpractical request tracker 3.6.10
bestpractical request tracker 3.8.3
bestpractical request tracker 3.8.13
bestpractical request tracker 3.8.15
bestpractical request tracker 4.0.2
bestpractical request tracker 4.0.4
bestpractical request tracker 4.0.11
bestpractical request tracker 4.0.13
bestpractical request tracker 4.0.20
bestpractical request tracker 4.0.22
bestpractical request tracker 4.2.4
bestpractical request tracker 4.2.6
bestpractical request tracker 3.8.4
bestpractical request tracker 3.8.7
bestpractical request tracker 3.8.9
bestpractical request tracker 3.8.10
bestpractical request tracker 3.8.11
bestpractical request tracker 4.0.6
bestpractical request tracker 4.0.7
bestpractical request tracker 4.0.8
bestpractical request tracker 4.0.9
bestpractical request tracker 4.2.0
bestpractical request tracker 4.2.1
bestpractical request tracker 4.2.2
bestpractical request tracker 4.2.3
bestpractical request tracker 3.6.8
bestpractical request tracker 3.6.11
bestpractical request tracker 3.8.12
bestpractical request tracker 3.8.14
bestpractical request tracker 4.0.3
bestpractical request tracker 4.0.5
bestpractical request tracker 4.0.10
bestpractical request tracker 4.0.12
bestpractical request tracker 4.0.19
bestpractical request tracker 4.0.21
bestpractical request tracker 4.2.5
bestpractical request tracker 4.2.7

Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-9472 Christian Loos discovered a remote denial of service vulnerability, exploitable via the email gateway and affecting any installatio ...

CWE-399 http://www.debian.org/security/2015/dsa-3176 http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html http://www.securityfocus.com/bid/72832 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html https://nvd.nist.gov https://www.debian.org/security/./dsa-3176

CVE-2014-9472

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect