Published: 09/03/2015 Updated: 28/10/2015

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

RT (aka Request Tracker) prior to 4.0.23 and 4.2.x prior to 4.2.10 allows remote malicious users to hijack sessions via an RSS feed URL.

Vulnerable Product	Search on Vulmon	Subscribe to Product
fedoraproject fedora 22
fedoraproject fedora 21
bestpractical request tracker 4.2.9
bestpractical request tracker 4.2.1
bestpractical request tracker 4.2.2
bestpractical request tracker 4.2.3
bestpractical request tracker 4.2.4
bestpractical request tracker
bestpractical request tracker 4.2.6
bestpractical request tracker 4.2.8
bestpractical request tracker 4.2.0
bestpractical request tracker 4.2.5
bestpractical request tracker 4.2.7

Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-9472 Christian Loos discovered a remote denial of service vulnerability, exploitable via the email gateway and affecting any installatio ...

CWE-284 http://www.debian.org/security/2015/dsa-3176 http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html https://nvd.nist.gov https://www.debian.org/security/./dsa-3176

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-1464

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect