Vulnerabilities related to bestpractical - RT
Vulnerability from fkie_nvd
Published
2011-01-25 19:00
Modified
2025-04-11 00:51
Severity ?
Summary
Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:*:rc1:*:*:*:*:*:*", "matchCriteriaId": "C08EC9C6-25A9-4EE7-BD81-97E5D4446A2C", "versionEndIncluding": "3.8.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F451959A-5305-4210-977B-6B396BC0A4F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA418CF5-49D6-4E0E-A1B5-8CB23752989D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8E238F87-8D8C-4E62-A8F0-3DB9EFDB8328", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3FD8A7EF-5DB8-40C6-9124-A97A23B3EA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2AD553B8-8495-47E5-A543-4DC963B3511A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "28ADB191-4787-4FDB-B70A-F4C8BDF0F4B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "2772389A-9BCD-4B13-88C8-75BC64E40AF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B1F9D05F-C86D-40D8-A7D9-5448918B72DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "311485DA-5381-4EAD-AF58-B8C67373413A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "2EAF6671-8C77-448B-BF29-E2CF51176CC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B55D762D-A723-435C-8D80-F7230F1648D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "4CC63EDC-541E-445D-8B72-799E4184B7EC", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.0.10:pre1:*:*:*:*:*:*", "matchCriteriaId": "0EF72E77-6239-4DAB-945C-4B13700E78E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:pre2:*:*:*:*:*:*", "matchCriteriaId": "8355F0C0-4DA0-41AC-8051-2C04D9999685", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "3A5B2131-A083-4B8A-8B45-F8A8BEF06BF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "D5E6196E-4A90-4F64-BA99-A8E04A09D5ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "E61CEFCD-49F2-465F-AB2C-97DC18D1543B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:rc3:*:*:*:*:*:*", "matchCriteriaId": "FCA20CA1-D33C-4609-A281-ED5A4D92E2F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:rc4:*:*:*:*:*:*", "matchCriteriaId": "3EF32CB2-6057-4DFF-8E6A-72B1E2E01D6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "91D7CE86-3FCD-472E-BF01-31FFB36701BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A295B774-B2C6-4AE0-882A-B66DF14C0074", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A01B64B7-0FCB-4B5E-85E0-DA56F1435ECF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0343F2B3-AF01-426D-8C01-AFB5C9030E50", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5CE952D4-9007-4FE0-A58D-B0A225458C09", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "ECF07E00-0662-4A28-A5B8-AA1813545E45", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"58E23D2E-3AF8-4D6B-BFE3-16E48BC85809", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "0FE28027-A500-454E-85F8-A2C8D2E34EDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "4FB2CF89-FB9B-4C8A-8590-6FC29CADD8B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "69AA8284-4A34-4748-B8B3-9EE57FC58032", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "5D488FC4-78E4-46D4-A752-89070583077D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "3EFB43D5-E6FF-47F9-8D6A-3B6B36417D85", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "5D853DB7-318F-4EAD-BC10-D7C941AE8841", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "AB92945C-3DE7-43C5-A871-DBCE5E82F945", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "338B3ECA-954D-4909-96FC-B15B0E5A36D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "78414EA2-BDC0-4E6F-976A-F6E1F88E79EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "70B3F0B2-8C70-4046-AAA0-FBD344FE4DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "2D97508D-348E-46A3-8007-4D81084687D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4A6BBFDC-91A3-4A17-B581-12CBBC4FE0F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1126CD28-73D9-4F31-8E37-9D7804897A4E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.2.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "24511FB5-0BCF-4407-9B96-CD78B54A9B24", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCD0173D-F699-4864-8856-D1792BDA0F84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "71CD2D3B-8E24-4FD3-9546-21DFAADA0440", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "82652BAD-AC45-424C-8D8B-E82C18EFD7C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "7CCA8BFD-E566-47AC-9183-08E0D22ACACB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "9A16EA9C-4414-4FEB-AF20-1502FB02BD8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "19CC2E53-5DE8-4A31-9B8A-79335DFBAFEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "B0F029E8-5507-41D8-9703-379C331ACEC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "404AFC5C-20B4-41E5-ACDE-56626D68AFEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "49F6A2BA-82DA-4AC9-8DD0-7FC14E1F08F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "51E8FC92-0C19-4C64-BA9F-51B43500B2DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F37D1380-965B-40E0-8A20-61FEA072B8D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F873FABC-89D1-49C1-A6BC-ACEB230F4620", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"2B8BE811-5465-4153-B915-9F1BBE6E2133", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D67F6099-D302-4823-A83F-9AD23F573F38", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "907B5E42-DB06-4834-B522-6B708E674122", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "9EDAA418-2B5A-45C2-B767-D99037EB17F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "A7D7BAD4-AC39-4856-B784-823DD15AF80B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E101B0FE-499F-44D8-8B68-BB7FEE40D2B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "747D8CD1-EE12-48A4-A795-88BC66A8DA33", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "80EE7785-CCA3-4AC6-980D-8C4E3E1C5A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "0CA65453-4879-4DA8-8600-2F8ECFED548F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE201D-F31A-4738-B9AB-7BB11417990E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "C4B10D10-9494-4B9D-9A35-4D768A836ED9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "9B00B086-3318-4B5A-801D-7428DA9DB6C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6ED4EC-F860-47BD-B699-551FB5DBF039", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:pre1:*:*:*:*:*:*", "matchCriteriaId": "75509078-F1EC-49A2-A644-5F8A6C02A24E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.4.4:pre2:*:*:*:*:*:*", "matchCriteriaId": "7940D1FB-A283-43EF-AC9D-98DB7CCFEC2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:pre3:*:*:*:*:*:*", "matchCriteriaId": "805469B4-93CD-4007-9782-BEA976E6083A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "E3398823-1813-4D7B-9EC9-74222A240051", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:pre1:*:*:*:*:*:*", "matchCriteriaId": "7A5A50E4-21C1-4F9B-BB82-3D18D91C9161", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "0748D99F-D40E-4161-B561-DE0EA4A4375A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "BFCA4BA0-633F-42CF-9A38-3036C0F147ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "F98B7895-BDB3-477C-8B34-88BD3E02EAFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "16638B6B-32FC-42A5-A7A2-0C43FE22F801", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "C195A011-5BAC-46B0-B57E-4B193D442601", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "A6F8C186-8240-4F5E-8D1E-D705FB87A309", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5849DB3-69F8-428E-89D4-AAC932E6CF6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "E842B21F-5163-445F-8285-A4AFD42A5D78", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "5ED87C9D-5D46-48A1-B6C7-31F92C340C99", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"B13961D0-754F-4EE9-A7B7-5D892AA9F1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "AAB2E1B1-F394-463C-AB6F-8D3741D57A8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "194D87BE-AFD2-4775-8234-0CC8E41BFEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "19449938-2B92-44AC-89B2-21F142E65928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1512169D-DCEF-4964-B05A-3DF19CDE8F57", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:pre0:*:*:*:*:*:*", "matchCriteriaId": "EFD15E92-3DB1-41F0-8AF4-94120394B97D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "7E20EB81-E828-41AE-AC95-FEE91D0CA757", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "04B642C3-1295-4E8D-B104-4291361FA540", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E5CDF725-3D97-43A4-9775-D4D4203C6B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9A64C7A4-A76D-4855-B96B-CCC3479B0E61", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B427F5D4-ACD6-46E5-B94F-CA30330C6492", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:pre2:*:*:*:*:*:*", "matchCriteriaId": "3A0CBD58-D037-4524-AE62-6961B096BB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "99F684A7-A7DD-45C4-8FF6-66FDCFDBCBBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "0C15AE0F-E78D-4211-B5D1-83185A65FD18", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9B38C33-D680-4285-A849-E6CDA9F4802F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "851C27A0-32C4-4F01-ACE8-9C71686704EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "48532322-0172-4DDA-986F-2D5B0AB9833A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc4:*:*:*:*:*:*", "matchCriteriaId": "29273C2E-8622-43F1-9222-5E037492DC46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc5:*:*:*:*:*:*", "matchCriteriaId": "D0A3E995-8046-4B14-A22E-7ADDCBC3A43E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "646CFD82-15FE-48E4-83C9-E3E037E9F928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "F51F5333-4645-41E6-850E-D3EFC5B16A46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "B9886244-AFAA-40B5-958C-8D9AF28F3001", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "7E404ED1-94E0-4A2F-A9F7-F941FDB0782A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc4:*:*:*:*:*:*", "matchCriteriaId": "A88BCABC-A39D-41BA-9DB8-DBB67483450A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "57404A14-6E1C-4F3B-8120-75F1073A3E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "1EA8E78A-65E5-4A35-8CE5-589453DF4AC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:rc2:*:*:*:*:*:*", "matchCriteriaId": "3D8F5FD8-232E-4025-A6EF-BFE453D3AF7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"3F40ED56-CDAC-40BB-A026-5D6A09DCB72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "DE047F80-1FC1-460E-9C48-8515D8E34558", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "82F5BB46-9B6E-44D0-9049-02EEF8411FA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "33C325D9-CB88-430F-B1AE-3544C7176398", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "46371C56-6120-414C-8F95-F5297753F6B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "F45F2752-8B5B-489D-8BAC-654B79D55416", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc3:*:*:*:*:*:*", "matchCriteriaId": "C1DC976B-1AB0-4DC4-AF6C-697CE06B9E64", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1E86D15-8435-46B9-88FF-8A51771C55E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "543C8E63-9A49-4D6A-899A-7D244D0CCC17", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "00AFB893-E37A-4E81-A984-66D677161D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E751061C-DFC1-4EB5-8FBB-20183C61E45F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "E439C79E-EDAB-42AE-850A-E81A6F321058", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.80:*:*:*:*:*:*:*", "matchCriteriaId": "137A7FA6-6007-4485-944B-89BB8BAC9BD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.85:*:*:*:*:*:*:*", "matchCriteriaId": "8AFEA933-CCDC-4F56-B80B-75480893049A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.7.86:*:*:*:*:*:*:*", "matchCriteriaId": "54C5A322-524D-475F-9343-B63C2581348D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EA620414-F78C-49C2-AC29-7CCCCC15B4D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A12FC95C-F9A7-4E47-AC07-F680D4436156", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D6101EAE-CB0E-4AB2-BCDC-9B4354422940", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "46059518-DCCB-410A-B7FD-FAF5F9DF9498", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CB1FAAF6-4403-4A45-B0D8-F9E4752C0CBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "A6E90C9D-CCEF-47CE-BED1-16BF37927998", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "13410E37-9A6A-4A33-BB97-6B4D96AA11FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "02949074-A703-4F6E-BBA7-B79021A1377E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C440174-183B-423B-8E85-37E78EB43A91", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"4CED5D54-C62B-4543-9C36-D76489EA3CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0B9A9DF7-8700-4CD4-9DAA-5368066F17A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "AC116B6E-F6A7-4885-B592-635EE06B6E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "9635AFA4-24E6-4893-8B4B-57FE811A758D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database." }, { "lang": "es", "value": "Best Practical Solutions RT v3.x anterior a v3.8.9rc2 y v4.x, utiliza el algoritmo MD5 para los hashes de contrase\u00f1as, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes dependientes del contexto determinar las contrase\u00f1as sin cifrar a trav\u00e9s de un ataque de fuerza bruta sobre la base de datos." 
} ], "id": "CVE-2011-0009", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-01-25T19:00:03.810", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610850" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-January/000185.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054740.html" }, { "source": "secalert@redhat.com", "url": "http://osvdb.org/70661" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43438" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2011/dsa-2150" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/45959" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0190" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0475" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0576" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=672250" }, { "source": 
"secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610850" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-January/000185.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054740.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/70661" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43438" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2150" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/45959" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0190" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0475" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0576" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=672250" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-04-22 10:55
Modified
2025-04-11 00:51
Severity ?
Summary
Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bestpractical | rt | 3.8.0 | |
bestpractical | rt | 3.8.1 | |
bestpractical | rt | 3.8.2 | |
bestpractical | rt | 3.8.3 | |
bestpractical | rt | 3.8.4 | |
bestpractical | rt | 3.8.5 | |
bestpractical | rt | 3.8.6 | |
bestpractical | rt | 3.8.6 | |
bestpractical | rt | 3.8.7 | |
bestpractical | rt | 3.8.7 | |
bestpractical | rt | 3.8.8 | |
bestpractical | rt | 3.8.8 | |
bestpractical | rt | 3.8.8 | |
bestpractical | rt | 3.8.8 | |
bestpractical | rt | 3.8.9 | |
bestpractical | rt | 3.8.9 | |
bestpractical | rt | 3.8.9 | |
bestpractical | rt | 3.8.9 | |
bestpractical | rt | 4.0.0 | |
bestpractical | rt | 4.0.0 | |
bestpractical | rt | 4.0.0 | |
bestpractical | rt | 4.0.0 | |
bestpractical | rt | 4.0.0 | |
bestpractical | rt | 4.0.0 | |
bestpractical | rt | 4.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "546F1582-B85F-4D4F-840C-6257F1DE05E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "D8DB6F17-FF2F-4DCA-A8D1-C3E0D42ACCAB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 
4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack." }, { "lang": "es", "value": "Best Practical Solutions RT v2.0.0 hasta v3.6.10, v3.8.0 hasta v3.8.9, y v4.0.0rc hasta 4.0.0rc7 cuando el campo CustomFieldValuesSources (tambi\u00e9n conocido como campo personalizado externo) est\u00e1 activada, permite a usuarios remotos autenticados, ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados, como lo demuestra un ataque falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF)" } ], "id": "CVE-2011-1685", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-04-22T10:55:02.297", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44189" }, { "source": "cve@mitre.org", "url": 
"http://www.debian.org/security/2011/dsa-2220" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/47383" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44189" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66791" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-15 21:55
Modified
2025-04-11 00:51
Severity
MEDIUM (CVSS v2 base score 5.0, AV:N/AC:L/Au:N/C:N/I:P/A:N, per the NVD record below)
Summary
The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mike_peachey | authen\:\:externalauth | * (through 0.08) | |
mike_peachey | authen\:\:externalauth | 0.05 | |
bestpractical | rt | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mike_peachey:authen\\:\\:externalauth:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D4011C6-C2C9-4023-9B45-F626E8F4BE0C", "versionEndIncluding": "0.08", "vulnerable": true }, { "criteria": "cpe:2.3:a:mike_peachey:authen\\:\\:externalauth:0.05:*:*:*:*:*:*:*", "matchCriteriaId": "757C8C72-2DE3-476D-97EE-31981247B15D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:-:*:*:*:*:*:*:*", "matchCriteriaId": "41FF2D59-AAF7-4B5F-AA10-9EA9BDC3A829", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the \"URL of a RSS feed of the user.\"" }, { "lang": "es", "value": "La extensi\u00f3n Authen::ExternalAuth anterior v0.11 para (Best Practical Solutions RT) permite a atacantes obtener una sesi\u00f3n con acceso a trav\u00e9s de vectores no especificados relacionados con (URL of a RSS feed of the user)." 
} ], "id": "CVE-2012-2770", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-08-15T21:55:01.727", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-July/000208.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50060" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/54681" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77213" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-July/000208.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50060" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/54681" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77213" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-04-22 10:55
Modified
2025-04-11 00:51
Severity
MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N, per the NVD record below)
Summary
Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8.8 allows remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bestpractical | rt | 3.6.0 | |
bestpractical | rt | 3.6.1 | |
bestpractical | rt | 3.6.2 | |
bestpractical | rt | 3.6.3 | |
bestpractical | rt | 3.6.4 | |
bestpractical | rt | 3.6.5 | |
bestpractical | rt | 3.6.6 | |
bestpractical | rt | 3.6.7 | |
bestpractical | rt | 3.6.8 | |
bestpractical | rt | 3.6.9 | |
bestpractical | rt | 3.6.10 | |
bestpractical | rt | 3.8.0 | |
bestpractical | rt | 3.8.1 | |
bestpractical | rt | 3.8.2 | |
bestpractical | rt | 3.8.3 | |
bestpractical | rt | 3.8.4 | |
bestpractical | rt | 3.8.5 | |
bestpractical | rt | 3.8.6 | |
bestpractical | rt | 3.8.6 rc1 | |
bestpractical | rt | 3.8.7 | |
bestpractical | rt | 3.8.7 rc1 | |
bestpractical | rt | 3.8.8 | |
bestpractical | rt | 3.8.8 rc2 | |
bestpractical | rt | 3.8.8 rc3 | |
bestpractical | rt | 3.8.8 rc4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1512169D-DCEF-4964-B05A-3DF19CDE8F57", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B427F5D4-ACD6-46E5-B94F-CA30330C6492", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9B38C33-D680-4285-A849-E6CDA9F4802F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "646CFD82-15FE-48E4-83C9-E3E037E9F928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "57404A14-6E1C-4F3B-8120-75F1073A3E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F40ED56-CDAC-40BB-A026-5D6A09DCB72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "33C325D9-CB88-430F-B1AE-3544C7176398", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1E86D15-8435-46B9-88FF-8A51771C55E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "543C8E63-9A49-4D6A-899A-7D244D0CCC17", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "00AFB893-E37A-4E81-A984-66D677161D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "312703C9-7145-4599-8B2C-6EF7BC060A07", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8.8 allows remote attackers to trick users into 
sending credentials to an arbitrary server via unspecified vectors." }, { "lang": "es", "value": "Best Practical Solutions RT v3.6.0 hasta v3.6.10 y v3.8.0 hasta v3.8.8 permite a atacantes remotos enga\u00f1ar a los usuarios para que env\u00eden las credenciales a un servidor de su elecci\u00f3n a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2011-1690", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-04-22T10:55:02.530", "references": [ { "source": "cve@mitre.org", "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44189" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2011/dsa-2220" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/47383" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66794" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44189" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66794" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-04-22 10:55
Modified
2025-04-11 00:51
Severity
MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N, per the NVD record below)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B558A64D-2E06-416C-85F5-AAFFD18096D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3A24FF7-A1B0-4998-A0F8-6E5D70901299", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F01659AA-9146-4238-9FEE-70D345D31094", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0EA74674-D04E-4458-ADF0-C733E9592B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8F4ACD97-35AD-4E23-83FC-E39016936EFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF589DDB-4348-4A55-9468-DBB5F03C82F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C59D941-22C2-41A7-B9BA-4CBDA3E71F5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DB507C08-D3CC-4AC8-9BAC-EED9FD09E1D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A50288EA-2628-47D7-9F25-EE514B9083F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "91868A78-C6C7-4C03-95B3-755816F8C663", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4B4383B-20C5-4620-8107-255AD3D45D2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "09A128B7-AA70-49DD-A20E-B9BB7D23A4EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "88EFA7E0-C472-4E93-8E38-98DFCCD37EEE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "6E6381E7-1C01-4239-A02F-C6DB5D775F7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "4120F4E4-E4EB-434C-9764-370102198554", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E1CA0866-CC49-4956-9493-849069B4485B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "565B7E66-BD96-419A-8EC2-FE971BDC47A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "FAC1443B-50C8-4E98-9900-CACFEA5AD00D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F451959A-5305-4210-977B-6B396BC0A4F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA418CF5-49D6-4E0E-A1B5-8CB23752989D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8E238F87-8D8C-4E62-A8F0-3DB9EFDB8328", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3FD8A7EF-5DB8-40C6-9124-A97A23B3EA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2AD553B8-8495-47E5-A543-4DC963B3511A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "28ADB191-4787-4FDB-B70A-F4C8BDF0F4B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "2772389A-9BCD-4B13-88C8-75BC64E40AF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B1F9D05F-C86D-40D8-A7D9-5448918B72DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"311485DA-5381-4EAD-AF58-B8C67373413A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "2EAF6671-8C77-448B-BF29-E2CF51176CC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B55D762D-A723-435C-8D80-F7230F1648D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "4CC63EDC-541E-445D-8B72-799E4184B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "D5E6196E-4A90-4F64-BA99-A8E04A09D5ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "91D7CE86-3FCD-472E-BF01-31FFB36701BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "70B3F0B2-8C70-4046-AAA0-FBD344FE4DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCD0173D-F699-4864-8856-D1792BDA0F84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "19CC2E53-5DE8-4A31-9B8A-79335DFBAFEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "404AFC5C-20B4-41E5-ACDE-56626D68AFEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F37D1380-965B-40E0-8A20-61FEA072B8D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E101B0FE-499F-44D8-8B68-BB7FEE40D2B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "747D8CD1-EE12-48A4-A795-88BC66A8DA33", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE201D-F31A-4738-B9AB-7BB11417990E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6ED4EC-F860-47BD-B699-551FB5DBF039", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "E3398823-1813-4D7B-9EC9-74222A240051", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "F98B7895-BDB3-477C-8B34-88BD3E02EAFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1512169D-DCEF-4964-B05A-3DF19CDE8F57", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B427F5D4-ACD6-46E5-B94F-CA30330C6492", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9B38C33-D680-4285-A849-E6CDA9F4802F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "646CFD82-15FE-48E4-83C9-E3E037E9F928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "57404A14-6E1C-4F3B-8120-75F1073A3E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F40ED56-CDAC-40BB-A026-5D6A09DCB72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "33C325D9-CB88-430F-B1AE-3544C7176398", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1E86D15-8435-46B9-88FF-8A51771C55E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "543C8E63-9A49-4D6A-899A-7D244D0CCC17", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "00AFB893-E37A-4E81-A984-66D677161D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "312703C9-7145-4599-8B2C-6EF7BC060A07", 
"vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "546F1582-B85F-4D4F-840C-6257F1DE05E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "D8DB6F17-FF2F-4DCA-A8D1-C3E0D42ACCAB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Best 
Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Best Practical Solutions RT v2.0.0 hasta v3.6.10, v3.8.0 hasta v3.8.9, y v4.0.0rc hasta 4.0.0rc7, permite a atacantes remotos inyectar script de su elecci\u00f3n o HTML a trav\u00e9s desconocidos.\r\n" } ], "id": "CVE-2011-1689", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-04-22T10:55:02.487", "references": [ { "source": "cve@mitre.org", "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44189" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2011/dsa-2220" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/bid/47383" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66796" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44189" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66796" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-08-23 16:55
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:P/A:N, as given in the record below)
Summary
CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F84987A7-103B-4473-9D4F-9F28880F6D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "5C89298A-DA7A-4DDD-A420-5B5BC0ABAF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "60F0CE6D-3DFA-4432-9615-78718C1D5583", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "F478B6AB-8B47-46A2-BEA7-9FF24F4A7026", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "A7CA2655-8B75-4DFF-9B30-1B9839B87D9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A65F27F5-D134-4B94-BF93-CE32065B75B2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:4.0.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9D976231-5D79-4C48-BFFA-39E3E7FE35A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "F35ABA0F-6072-433E-AAA5-3B0BB219B404", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1D6E744-5181-4E94-8B9B-3CA83648C7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "886BD643-B430-4E7A-BC33-50A1B01515D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "8C469BBE-00A5-4B19-91E4-5C5DF3210BA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5315BD2E-AE5F-49F9-8451-0D2D64CE56B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "087B001A-78B6-46EB-8623-D8C680243867", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "E39EBCE5-FB2E-475E-9EF4-263416315A34", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5467F5A9-7FFE-4ED6-90A4-490D886B6F01", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "252B0169-58A5-4AF4-BB71-08D0A874B616", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "A67F3E23-4345-449E-83C6-219A08412A09", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "BAFB3374-D0EA-4962-B2B6-4B7A336F874F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "20972E11-0401-4DA2-94D5-2A35F5E1AA95", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"E81D1019-C2A1-47CA-B3C9-D208BFDE1391", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "45AD36C4-069B-4A2F-ACAE-E2EF7BC1CA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "15112BC0-8C03-4417-A0EB-123C326E6F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "685B747F-6C34-4D76-B1A3-652EF2480D5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "A8E6D6E2-13A1-4AF9-B1A2-414588CCBD35", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:preflight1:*:*:*:*:*:*", "matchCriteriaId": "34A06E8A-1591-4ED9-AE0D-4A95E3327FB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EA620414-F78C-49C2-AC29-7CCCCC15B4D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A12FC95C-F9A7-4E47-AC07-F680D4436156", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D6101EAE-CB0E-4AB2-BCDC-9B4354422940", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:preflight0:*:*:*:*:*:*", "matchCriteriaId": "54941FC4-7DD6-4F6D-AA14-296045D55C44", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "46059518-DCCB-410A-B7FD-FAF5F9DF9498", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"CB1FAAF6-4403-4A45-B0D8-F9E4752C0CBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "A6E90C9D-CCEF-47CE-BED1-16BF37927998", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "13410E37-9A6A-4A33-BB97-6B4D96AA11FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "02949074-A703-4F6E-BBA7-B79021A1377E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C440174-183B-423B-8E85-37E78EB43A91", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "4CED5D54-C62B-4543-9C36-D76489EA3CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0B9A9DF7-8700-4CD4-9DAA-5368066F17A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "AC116B6E-F6A7-4885-B592-635EE06B6E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "9635AFA4-24E6-4893-8B4B-57FE811A758D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "546F1582-B85F-4D4F-840C-6257F1DE05E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "D8DB6F17-FF2F-4DCA-A8D1-C3E0D42ACCAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "32BE1C0B-D379-4A51-8188-B660730539AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "DDD10111-15EC-4749-BC02-97979FFFA370", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": 
"E2E768F1-80EA-4016-837E-9B92A3954F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "82B26A8A-701E-4144-BE4A-E7C886C2E7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "2C19BF7A-B957-422B-8B93-DB1B986979AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C35364B8-6BB7-439D-9450-08FB11639E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "0A205895-B227-49C0-879A-72FB0BDA8A6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "B5E26C51-9F68-4A2E-9B91-CD90C91E1791", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "C4581C2F-8573-41DD-8730-864D66053BE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "5822BA44-EF00-43AD-80AF-5AF8719E0C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "4DC9BA2D-948D-42DE-A0AF-35BE5BE5F941", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.15:*:*:*:*:*:*:*", "matchCriteriaId": "AE10624B-CEC3-4851-8C40-04DEDB17A4A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.16:*:*:*:*:*:*:*", "matchCriteriaId": "4FE28E11-DE45-44AF-929A-A0F48D14FBE8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header." 
}, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF en Request Tracker (RT) v3.8.x anterior a v3.8.17 y v4.0.x anterior a v4.0.13 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de divisi\u00f3n de respuesta HTTP a trav\u00e9s de un encabezado MIME." } ], "id": "CVE-2013-3373", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-08-23T16:55:07.327", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53505" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53522" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2012/dsa-2670" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/93606" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53522" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/93606" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-12-02 16:30
Modified
2025-04-09 00:30
Severity: MEDIUM (CVSS v2 base score 5.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:N, as given in the record below)
Summary
Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same domain.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bestpractical | rt | 3.0.1 | |
bestpractical | rt | 3.0.2 | |
bestpractical | rt | 3.0.3 | |
bestpractical | rt | 3.0.4 | |
bestpractical | rt | 3.0.5 | |
bestpractical | rt | 3.0.6 | |
bestpractical | rt | 3.0.7 | |
bestpractical | rt | 3.0.7.1 | |
bestpractical | rt | 3.0.8 | |
bestpractical | rt | 3.0.9 | |
bestpractical | rt | 3.0.10 | |
bestpractical | rt | 3.0.11 | |
bestpractical | rt | 3.0.12 | |
bestpractical | rt | 3.2.0 | |
bestpractical | rt | 3.2.1 | |
bestpractical | rt | 3.2.2 | |
bestpractical | rt | 3.2.3 | |
bestpractical | rt | 3.4.0 | |
bestpractical | rt | 3.4.1 | |
bestpractical | rt | 3.4.2 | |
bestpractical | rt | 3.4.3 | |
bestpractical | rt | 3.4.4 | |
bestpractical | rt | 3.4.5 | |
bestpractical | rt | 3.4.6 | |
bestpractical | rt | 3.6.0 | |
bestpractical | rt | 3.6.1 | |
bestpractical | rt | 3.6.2 | |
bestpractical | rt | 3.6.3 | |
bestpractical | rt | 3.6.4 | |
bestpractical | rt | 3.6.5 | |
bestpractical | rt | 3.6.6 | |
bestpractical | rt | 3.6.7 | |
bestpractical | rt | 3.6.8 | |
bestpractical | rt | 3.6.9 | |
bestpractical | rt | 3.8.0 | |
bestpractical | rt | 3.8.1 | |
bestpractical | rt | 3.8.2 | |
bestpractical | rt | 3.8.3 | |
bestpractical | rt | 3.8.4 | |
bestpractical | rt | 3.8.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA418CF5-49D6-4E0E-A1B5-8CB23752989D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8E238F87-8D8C-4E62-A8F0-3DB9EFDB8328", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3FD8A7EF-5DB8-40C6-9124-A97A23B3EA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2AD553B8-8495-47E5-A543-4DC963B3511A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "28ADB191-4787-4FDB-B70A-F4C8BDF0F4B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "2772389A-9BCD-4B13-88C8-75BC64E40AF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B1F9D05F-C86D-40D8-A7D9-5448918B72DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "311485DA-5381-4EAD-AF58-B8C67373413A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "2EAF6671-8C77-448B-BF29-E2CF51176CC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B55D762D-A723-435C-8D80-F7230F1648D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "4CC63EDC-541E-445D-8B72-799E4184B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "D5E6196E-4A90-4F64-BA99-A8E04A09D5ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "91D7CE86-3FCD-472E-BF01-31FFB36701BD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "70B3F0B2-8C70-4046-AAA0-FBD344FE4DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCD0173D-F699-4864-8856-D1792BDA0F84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "19CC2E53-5DE8-4A31-9B8A-79335DFBAFEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "404AFC5C-20B4-41E5-ACDE-56626D68AFEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F37D1380-965B-40E0-8A20-61FEA072B8D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E101B0FE-499F-44D8-8B68-BB7FEE40D2B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "747D8CD1-EE12-48A4-A795-88BC66A8DA33", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE201D-F31A-4738-B9AB-7BB11417990E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6ED4EC-F860-47BD-B699-551FB5DBF039", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "E3398823-1813-4D7B-9EC9-74222A240051", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "F98B7895-BDB3-477C-8B34-88BD3E02EAFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1512169D-DCEF-4964-B05A-3DF19CDE8F57", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B427F5D4-ACD6-46E5-B94F-CA30330C6492", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9B38C33-D680-4285-A849-E6CDA9F4802F", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "646CFD82-15FE-48E4-83C9-E3E037E9F928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "57404A14-6E1C-4F3B-8120-75F1073A3E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F40ED56-CDAC-40BB-A026-5D6A09DCB72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "33C325D9-CB88-430F-B1AE-3544C7176398", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1E86D15-8435-46B9-88FF-8A51771C55E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "543C8E63-9A49-4D6A-899A-7D244D0CCC17", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "00AFB893-E37A-4E81-A984-66D677161D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": 
"en", "value": "Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same domain." }, { "lang": "es", "value": "Vulnerabilidad de permanencia de sesi\u00f3n en html/Elements/SetupSessionCookie en Best Practical Solutions RT desde v3.0.0 hasta v3.6.9 y desde v3.8.x hasta v3.8.5 permite a atacantes remotos secuestrar sesiones web fijando el identificador de sesi\u00f3n a trav\u00e9s de una manipulaci\u00f3n que aprovecha un segundo servidor web dentro del mismo dominio." } ], "id": "CVE-2009-3585", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-12-02T16:30:00.437", "references": [ { "source": "cve@mitre.org", "url": "http://bestpractical.typepad.com/files/rt-3.0.0-session_fixation.v3.patch" }, { "source": "cve@mitre.org", "url": "http://bestpractical.typepad.com/files/rt-3.0.1-3.0.6-session_fixation.v3.patch" }, { "source": "cve@mitre.org", "url": "http://bestpractical.typepad.com/files/rt-3.0.7-3.6.1-session_fixation.v3.patch" }, { "source": "cve@mitre.org", "url": "http://bestpractical.typepad.com/files/rt-3.6.2-3.6.3-session_fixation.v3.patch" }, { "source": "cve@mitre.org", "url": 
"http://bestpractical.typepad.com/files/rt-3.6.4-3.6.9-session_fixation.v2.patch" }, { "source": "cve@mitre.org", "url": "http://bestpractical.typepad.com/files/rt-3.8-session_fixation.patch" }, { "source": "cve@mitre.org", "url": "http://blog.bestpractical.com/2009/11/session-fixation-vulnerability.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000176.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000177.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37546" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37728" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37162" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54472" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00761.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00794.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00832.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bestpractical.typepad.com/files/rt-3.0.0-session_fixation.v3.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bestpractical.typepad.com/files/rt-3.0.1-3.0.6-session_fixation.v3.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bestpractical.typepad.com/files/rt-3.0.7-3.6.1-session_fixation.v3.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bestpractical.typepad.com/files/rt-3.6.2-3.6.3-session_fixation.v3.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://bestpractical.typepad.com/files/rt-3.6.4-3.6.9-session_fixation.v2.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bestpractical.typepad.com/files/rt-3.8-session_fixation.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blog.bestpractical.com/2009/11/session-fixation-vulnerability.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000176.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000177.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37546" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37728" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54472" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00761.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00794.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00832.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-06-04 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords after accounts are re-enabled, via a brute-force attack on the database. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0009.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F451959A-5305-4210-977B-6B396BC0A4F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA418CF5-49D6-4E0E-A1B5-8CB23752989D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8E238F87-8D8C-4E62-A8F0-3DB9EFDB8328", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3FD8A7EF-5DB8-40C6-9124-A97A23B3EA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2AD553B8-8495-47E5-A543-4DC963B3511A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "28ADB191-4787-4FDB-B70A-F4C8BDF0F4B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "2772389A-9BCD-4B13-88C8-75BC64E40AF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B1F9D05F-C86D-40D8-A7D9-5448918B72DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "311485DA-5381-4EAD-AF58-B8C67373413A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "2EAF6671-8C77-448B-BF29-E2CF51176CC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B55D762D-A723-435C-8D80-F7230F1648D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "4CC63EDC-541E-445D-8B72-799E4184B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:pre1:*:*:*:*:*:*", "matchCriteriaId": "0EF72E77-6239-4DAB-945C-4B13700E78E9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.0.10:pre2:*:*:*:*:*:*", "matchCriteriaId": "8355F0C0-4DA0-41AC-8051-2C04D9999685", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "3A5B2131-A083-4B8A-8B45-F8A8BEF06BF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "D5E6196E-4A90-4F64-BA99-A8E04A09D5ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "E61CEFCD-49F2-465F-AB2C-97DC18D1543B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:rc3:*:*:*:*:*:*", "matchCriteriaId": "FCA20CA1-D33C-4609-A281-ED5A4D92E2F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:rc4:*:*:*:*:*:*", "matchCriteriaId": "3EF32CB2-6057-4DFF-8E6A-72B1E2E01D6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "91D7CE86-3FCD-472E-BF01-31FFB36701BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A295B774-B2C6-4AE0-882A-B66DF14C0074", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A01B64B7-0FCB-4B5E-85E0-DA56F1435ECF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0343F2B3-AF01-426D-8C01-AFB5C9030E50", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5CE952D4-9007-4FE0-A58D-B0A225458C09", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "ECF07E00-0662-4A28-A5B8-AA1813545E45", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "58E23D2E-3AF8-4D6B-BFE3-16E48BC85809", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"0FE28027-A500-454E-85F8-A2C8D2E34EDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "4FB2CF89-FB9B-4C8A-8590-6FC29CADD8B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "69AA8284-4A34-4748-B8B3-9EE57FC58032", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "5D488FC4-78E4-46D4-A752-89070583077D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "3EFB43D5-E6FF-47F9-8D6A-3B6B36417D85", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "5D853DB7-318F-4EAD-BC10-D7C941AE8841", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "AB92945C-3DE7-43C5-A871-DBCE5E82F945", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "338B3ECA-954D-4909-96FC-B15B0E5A36D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "78414EA2-BDC0-4E6F-976A-F6E1F88E79EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "70B3F0B2-8C70-4046-AAA0-FBD344FE4DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "2D97508D-348E-46A3-8007-4D81084687D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4A6BBFDC-91A3-4A17-B581-12CBBC4FE0F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1126CD28-73D9-4F31-8E37-9D7804897A4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "24511FB5-0BCF-4407-9B96-CD78B54A9B24", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCD0173D-F699-4864-8856-D1792BDA0F84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "71CD2D3B-8E24-4FD3-9546-21DFAADA0440", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "82652BAD-AC45-424C-8D8B-E82C18EFD7C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "7CCA8BFD-E566-47AC-9183-08E0D22ACACB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "9A16EA9C-4414-4FEB-AF20-1502FB02BD8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "19CC2E53-5DE8-4A31-9B8A-79335DFBAFEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "B0F029E8-5507-41D8-9703-379C331ACEC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "404AFC5C-20B4-41E5-ACDE-56626D68AFEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "49F6A2BA-82DA-4AC9-8DD0-7FC14E1F08F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "51E8FC92-0C19-4C64-BA9F-51B43500B2DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F37D1380-965B-40E0-8A20-61FEA072B8D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F873FABC-89D1-49C1-A6BC-ACEB230F4620", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "2B8BE811-5465-4153-B915-9F1BBE6E2133", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": 
"D67F6099-D302-4823-A83F-9AD23F573F38", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "907B5E42-DB06-4834-B522-6B708E674122", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "9EDAA418-2B5A-45C2-B767-D99037EB17F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "A7D7BAD4-AC39-4856-B784-823DD15AF80B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E101B0FE-499F-44D8-8B68-BB7FEE40D2B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "747D8CD1-EE12-48A4-A795-88BC66A8DA33", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "80EE7785-CCA3-4AC6-980D-8C4E3E1C5A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "0CA65453-4879-4DA8-8600-2F8ECFED548F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE201D-F31A-4738-B9AB-7BB11417990E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "C4B10D10-9494-4B9D-9A35-4D768A836ED9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "9B00B086-3318-4B5A-801D-7428DA9DB6C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6ED4EC-F860-47BD-B699-551FB5DBF039", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:pre1:*:*:*:*:*:*", "matchCriteriaId": "75509078-F1EC-49A2-A644-5F8A6C02A24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:pre2:*:*:*:*:*:*", "matchCriteriaId": "7940D1FB-A283-43EF-AC9D-98DB7CCFEC2D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.4.4:pre3:*:*:*:*:*:*", "matchCriteriaId": "805469B4-93CD-4007-9782-BEA976E6083A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "E3398823-1813-4D7B-9EC9-74222A240051", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:pre1:*:*:*:*:*:*", "matchCriteriaId": "7A5A50E4-21C1-4F9B-BB82-3D18D91C9161", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "0748D99F-D40E-4161-B561-DE0EA4A4375A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "BFCA4BA0-633F-42CF-9A38-3036C0F147ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "F98B7895-BDB3-477C-8B34-88BD3E02EAFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "16638B6B-32FC-42A5-A7A2-0C43FE22F801", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "C195A011-5BAC-46B0-B57E-4B193D442601", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "A6F8C186-8240-4F5E-8D1E-D705FB87A309", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5849DB3-69F8-428E-89D4-AAC932E6CF6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "E842B21F-5163-445F-8285-A4AFD42A5D78", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "5ED87C9D-5D46-48A1-B6C7-31F92C340C99", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "B13961D0-754F-4EE9-A7B7-5D892AA9F1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"AAB2E1B1-F394-463C-AB6F-8D3741D57A8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "194D87BE-AFD2-4775-8234-0CC8E41BFEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "19449938-2B92-44AC-89B2-21F142E65928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1512169D-DCEF-4964-B05A-3DF19CDE8F57", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:pre0:*:*:*:*:*:*", "matchCriteriaId": "EFD15E92-3DB1-41F0-8AF4-94120394B97D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "7E20EB81-E828-41AE-AC95-FEE91D0CA757", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "04B642C3-1295-4E8D-B104-4291361FA540", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E5CDF725-3D97-43A4-9775-D4D4203C6B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9A64C7A4-A76D-4855-B96B-CCC3479B0E61", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B427F5D4-ACD6-46E5-B94F-CA30330C6492", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:pre2:*:*:*:*:*:*", "matchCriteriaId": "3A0CBD58-D037-4524-AE62-6961B096BB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "99F684A7-A7DD-45C4-8FF6-66FDCFDBCBBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "0C15AE0F-E78D-4211-B5D1-83185A65FD18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9B38C33-D680-4285-A849-E6CDA9F4802F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.6.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "851C27A0-32C4-4F01-ACE8-9C71686704EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "48532322-0172-4DDA-986F-2D5B0AB9833A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc4:*:*:*:*:*:*", "matchCriteriaId": "29273C2E-8622-43F1-9222-5E037492DC46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc5:*:*:*:*:*:*", "matchCriteriaId": "D0A3E995-8046-4B14-A22E-7ADDCBC3A43E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "646CFD82-15FE-48E4-83C9-E3E037E9F928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "F51F5333-4645-41E6-850E-D3EFC5B16A46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "B9886244-AFAA-40B5-958C-8D9AF28F3001", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "7E404ED1-94E0-4A2F-A9F7-F941FDB0782A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc4:*:*:*:*:*:*", "matchCriteriaId": "A88BCABC-A39D-41BA-9DB8-DBB67483450A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "57404A14-6E1C-4F3B-8120-75F1073A3E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "1EA8E78A-65E5-4A35-8CE5-589453DF4AC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:rc2:*:*:*:*:*:*", "matchCriteriaId": "3D8F5FD8-232E-4025-A6EF-BFE453D3AF7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F40ED56-CDAC-40BB-A026-5D6A09DCB72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"DE047F80-1FC1-460E-9C48-8515D8E34558", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "82F5BB46-9B6E-44D0-9049-02EEF8411FA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "33C325D9-CB88-430F-B1AE-3544C7176398", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "46371C56-6120-414C-8F95-F5297753F6B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "F45F2752-8B5B-489D-8BAC-654B79D55416", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc3:*:*:*:*:*:*", "matchCriteriaId": "C1DC976B-1AB0-4DC4-AF6C-697CE06B9E64", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1E86D15-8435-46B9-88FF-8A51771C55E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "543C8E63-9A49-4D6A-899A-7D244D0CCC17", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "00AFB893-E37A-4E81-A984-66D677161D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "312703C9-7145-4599-8B2C-6EF7BC060A07", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E751061C-DFC1-4EB5-8FBB-20183C61E45F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "E439C79E-EDAB-42AE-850A-E81A6F321058", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.80:*:*:*:*:*:*:*", "matchCriteriaId": "137A7FA6-6007-4485-944B-89BB8BAC9BD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.85:*:*:*:*:*:*:*", "matchCriteriaId": "8AFEA933-CCDC-4F56-B80B-75480893049A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.7.86:*:*:*:*:*:*:*", "matchCriteriaId": "54C5A322-524D-475F-9343-B63C2581348D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EA620414-F78C-49C2-AC29-7CCCCC15B4D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A12FC95C-F9A7-4E47-AC07-F680D4436156", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D6101EAE-CB0E-4AB2-BCDC-9B4354422940", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "46059518-DCCB-410A-B7FD-FAF5F9DF9498", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CB1FAAF6-4403-4A45-B0D8-F9E4752C0CBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "A6E90C9D-CCEF-47CE-BED1-16BF37927998", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "13410E37-9A6A-4A33-BB97-6B4D96AA11FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "02949074-A703-4F6E-BBA7-B79021A1377E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C440174-183B-423B-8E85-37E78EB43A91", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"4CED5D54-C62B-4543-9C36-D76489EA3CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0B9A9DF7-8700-4CD4-9DAA-5368066F17A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "AC116B6E-F6A7-4885-B592-635EE06B6E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "9635AFA4-24E6-4893-8B4B-57FE811A758D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "546F1582-B85F-4D4F-840C-6257F1DE05E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "D8DB6F17-FF2F-4DCA-A8D1-C3E0D42ACCAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "32BE1C0B-D379-4A51-8188-B660730539AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "E2E768F1-80EA-4016-837E-9B92A3954F8B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C35364B8-6BB7-439D-9450-08FB11639E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F84987A7-103B-4473-9D4F-9F28880F6D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "5C89298A-DA7A-4DDD-A420-5B5BC0ABAF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "60F0CE6D-3DFA-4432-9615-78718C1D5583", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A65F27F5-D134-4B94-BF93-CE32065B75B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1D6E744-5181-4E94-8B9B-3CA83648C7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5315BD2E-AE5F-49F9-8451-0D2D64CE56B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "087B001A-78B6-46EB-8623-D8C680243867", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords after accounts are re-enabled, via a brute-force attack on the database. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0009." 
}, { "lang": "es", "value": "RT v3.x anterior a v3.8.12 y v4.x anteriores a v4.0.6 no actualiza el algoritmo de hash de contrase\u00f1as para las cuentas de usuario deshabilitadas, lo que facilita a atacantes dependientes del contexto determinar contrase\u00f1as en texto claro, y posiblemente usar esas contrase\u00f1as despu\u00e9s de que las cuentas se vuelvan a habilitar, mediante un ataque de fuerza bruta sobre la base de datos. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta de CVE-2011-0009." } ], "id": "CVE-2011-2082", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-06-04T19:55:01.540", "references": [ { "source": "cve@mitre.org", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/49259" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/53660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53660" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-04-22 10:55
Modified
2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "70B3F0B2-8C70-4046-AAA0-FBD344FE4DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCD0173D-F699-4864-8856-D1792BDA0F84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "19CC2E53-5DE8-4A31-9B8A-79335DFBAFEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "404AFC5C-20B4-41E5-ACDE-56626D68AFEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F37D1380-965B-40E0-8A20-61FEA072B8D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E101B0FE-499F-44D8-8B68-BB7FEE40D2B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "747D8CD1-EE12-48A4-A795-88BC66A8DA33", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE201D-F31A-4738-B9AB-7BB11417990E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6ED4EC-F860-47BD-B699-551FB5DBF039", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "E3398823-1813-4D7B-9EC9-74222A240051", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "F98B7895-BDB3-477C-8B34-88BD3E02EAFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1512169D-DCEF-4964-B05A-3DF19CDE8F57", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B427F5D4-ACD6-46E5-B94F-CA30330C6492", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "E9B38C33-D680-4285-A849-E6CDA9F4802F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "646CFD82-15FE-48E4-83C9-E3E037E9F928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "57404A14-6E1C-4F3B-8120-75F1073A3E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F40ED56-CDAC-40BB-A026-5D6A09DCB72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "33C325D9-CB88-430F-B1AE-3544C7176398", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1E86D15-8435-46B9-88FF-8A51771C55E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "543C8E63-9A49-4D6A-899A-7D244D0CCC17", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "00AFB893-E37A-4E81-A984-66D677161D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "312703C9-7145-4599-8B2C-6EF7BC060A07", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "546F1582-B85F-4D4F-840C-6257F1DE05E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "D8DB6F17-FF2F-4DCA-A8D1-C3E0D42ACCAB", "vulnerable": true } ], "negate": false, "operator": "OR" 
} ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en Best Practical Solutions RT v3.2.0 hasta v3.6.10, v3.8.0 hasta v3.8.9, y v4.0.0rc hasta 4.0.0rc7 permite a atacantes remotos leer ficheros arbitrarios mediante una petici\u00f3n HTTP manipulada." 
} ], "id": "CVE-2011-1688", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-04-22T10:55:02.437", "references": [ { "source": "cve@mitre.org", "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44189" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2011/dsa-2220" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/47383" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66795" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44189" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66795" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-06-04 19:55
Modified
2025-04-11 00:51
Severity: LOW (CVSS v2 base score 3.5, vector AV:N/AC:M/Au:S/C:N/I:P/A:N)
Summary
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a group membership.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F451959A-5305-4210-977B-6B396BC0A4F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA418CF5-49D6-4E0E-A1B5-8CB23752989D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8E238F87-8D8C-4E62-A8F0-3DB9EFDB8328", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3FD8A7EF-5DB8-40C6-9124-A97A23B3EA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2AD553B8-8495-47E5-A543-4DC963B3511A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "28ADB191-4787-4FDB-B70A-F4C8BDF0F4B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "2772389A-9BCD-4B13-88C8-75BC64E40AF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B1F9D05F-C86D-40D8-A7D9-5448918B72DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "311485DA-5381-4EAD-AF58-B8C67373413A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "2EAF6671-8C77-448B-BF29-E2CF51176CC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B55D762D-A723-435C-8D80-F7230F1648D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "4CC63EDC-541E-445D-8B72-799E4184B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:pre1:*:*:*:*:*:*", "matchCriteriaId": "0EF72E77-6239-4DAB-945C-4B13700E78E9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.0.10:pre2:*:*:*:*:*:*", "matchCriteriaId": "8355F0C0-4DA0-41AC-8051-2C04D9999685", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "3A5B2131-A083-4B8A-8B45-F8A8BEF06BF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "D5E6196E-4A90-4F64-BA99-A8E04A09D5ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "E61CEFCD-49F2-465F-AB2C-97DC18D1543B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:rc3:*:*:*:*:*:*", "matchCriteriaId": "FCA20CA1-D33C-4609-A281-ED5A4D92E2F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:rc4:*:*:*:*:*:*", "matchCriteriaId": "3EF32CB2-6057-4DFF-8E6A-72B1E2E01D6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "91D7CE86-3FCD-472E-BF01-31FFB36701BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A295B774-B2C6-4AE0-882A-B66DF14C0074", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A01B64B7-0FCB-4B5E-85E0-DA56F1435ECF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0343F2B3-AF01-426D-8C01-AFB5C9030E50", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5CE952D4-9007-4FE0-A58D-B0A225458C09", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "ECF07E00-0662-4A28-A5B8-AA1813545E45", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "58E23D2E-3AF8-4D6B-BFE3-16E48BC85809", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"0FE28027-A500-454E-85F8-A2C8D2E34EDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "4FB2CF89-FB9B-4C8A-8590-6FC29CADD8B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "69AA8284-4A34-4748-B8B3-9EE57FC58032", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "5D488FC4-78E4-46D4-A752-89070583077D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "3EFB43D5-E6FF-47F9-8D6A-3B6B36417D85", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "5D853DB7-318F-4EAD-BC10-D7C941AE8841", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "AB92945C-3DE7-43C5-A871-DBCE5E82F945", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "338B3ECA-954D-4909-96FC-B15B0E5A36D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "78414EA2-BDC0-4E6F-976A-F6E1F88E79EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "70B3F0B2-8C70-4046-AAA0-FBD344FE4DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "2D97508D-348E-46A3-8007-4D81084687D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4A6BBFDC-91A3-4A17-B581-12CBBC4FE0F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1126CD28-73D9-4F31-8E37-9D7804897A4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "24511FB5-0BCF-4407-9B96-CD78B54A9B24", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCD0173D-F699-4864-8856-D1792BDA0F84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "71CD2D3B-8E24-4FD3-9546-21DFAADA0440", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "82652BAD-AC45-424C-8D8B-E82C18EFD7C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "7CCA8BFD-E566-47AC-9183-08E0D22ACACB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "9A16EA9C-4414-4FEB-AF20-1502FB02BD8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "19CC2E53-5DE8-4A31-9B8A-79335DFBAFEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "B0F029E8-5507-41D8-9703-379C331ACEC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "404AFC5C-20B4-41E5-ACDE-56626D68AFEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "49F6A2BA-82DA-4AC9-8DD0-7FC14E1F08F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "51E8FC92-0C19-4C64-BA9F-51B43500B2DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F37D1380-965B-40E0-8A20-61FEA072B8D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F873FABC-89D1-49C1-A6BC-ACEB230F4620", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "2B8BE811-5465-4153-B915-9F1BBE6E2133", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": 
"D67F6099-D302-4823-A83F-9AD23F573F38", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "907B5E42-DB06-4834-B522-6B708E674122", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "9EDAA418-2B5A-45C2-B767-D99037EB17F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "A7D7BAD4-AC39-4856-B784-823DD15AF80B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E101B0FE-499F-44D8-8B68-BB7FEE40D2B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "747D8CD1-EE12-48A4-A795-88BC66A8DA33", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "80EE7785-CCA3-4AC6-980D-8C4E3E1C5A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "0CA65453-4879-4DA8-8600-2F8ECFED548F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE201D-F31A-4738-B9AB-7BB11417990E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "C4B10D10-9494-4B9D-9A35-4D768A836ED9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "9B00B086-3318-4B5A-801D-7428DA9DB6C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6ED4EC-F860-47BD-B699-551FB5DBF039", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:pre1:*:*:*:*:*:*", "matchCriteriaId": "75509078-F1EC-49A2-A644-5F8A6C02A24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:pre2:*:*:*:*:*:*", "matchCriteriaId": "7940D1FB-A283-43EF-AC9D-98DB7CCFEC2D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.4.4:pre3:*:*:*:*:*:*", "matchCriteriaId": "805469B4-93CD-4007-9782-BEA976E6083A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "E3398823-1813-4D7B-9EC9-74222A240051", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:pre1:*:*:*:*:*:*", "matchCriteriaId": "7A5A50E4-21C1-4F9B-BB82-3D18D91C9161", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "0748D99F-D40E-4161-B561-DE0EA4A4375A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "BFCA4BA0-633F-42CF-9A38-3036C0F147ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "F98B7895-BDB3-477C-8B34-88BD3E02EAFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "16638B6B-32FC-42A5-A7A2-0C43FE22F801", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "C195A011-5BAC-46B0-B57E-4B193D442601", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "A6F8C186-8240-4F5E-8D1E-D705FB87A309", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5849DB3-69F8-428E-89D4-AAC932E6CF6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "E842B21F-5163-445F-8285-A4AFD42A5D78", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "5ED87C9D-5D46-48A1-B6C7-31F92C340C99", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "B13961D0-754F-4EE9-A7B7-5D892AA9F1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"AAB2E1B1-F394-463C-AB6F-8D3741D57A8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "194D87BE-AFD2-4775-8234-0CC8E41BFEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "19449938-2B92-44AC-89B2-21F142E65928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1512169D-DCEF-4964-B05A-3DF19CDE8F57", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:pre0:*:*:*:*:*:*", "matchCriteriaId": "EFD15E92-3DB1-41F0-8AF4-94120394B97D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "7E20EB81-E828-41AE-AC95-FEE91D0CA757", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "04B642C3-1295-4E8D-B104-4291361FA540", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E5CDF725-3D97-43A4-9775-D4D4203C6B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9A64C7A4-A76D-4855-B96B-CCC3479B0E61", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B427F5D4-ACD6-46E5-B94F-CA30330C6492", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:pre2:*:*:*:*:*:*", "matchCriteriaId": "3A0CBD58-D037-4524-AE62-6961B096BB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "99F684A7-A7DD-45C4-8FF6-66FDCFDBCBBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "0C15AE0F-E78D-4211-B5D1-83185A65FD18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9B38C33-D680-4285-A849-E6CDA9F4802F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.6.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "851C27A0-32C4-4F01-ACE8-9C71686704EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "48532322-0172-4DDA-986F-2D5B0AB9833A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc4:*:*:*:*:*:*", "matchCriteriaId": "29273C2E-8622-43F1-9222-5E037492DC46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc5:*:*:*:*:*:*", "matchCriteriaId": "D0A3E995-8046-4B14-A22E-7ADDCBC3A43E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "646CFD82-15FE-48E4-83C9-E3E037E9F928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "F51F5333-4645-41E6-850E-D3EFC5B16A46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "B9886244-AFAA-40B5-958C-8D9AF28F3001", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "7E404ED1-94E0-4A2F-A9F7-F941FDB0782A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc4:*:*:*:*:*:*", "matchCriteriaId": "A88BCABC-A39D-41BA-9DB8-DBB67483450A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "57404A14-6E1C-4F3B-8120-75F1073A3E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "1EA8E78A-65E5-4A35-8CE5-589453DF4AC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:rc2:*:*:*:*:*:*", "matchCriteriaId": "3D8F5FD8-232E-4025-A6EF-BFE453D3AF7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F40ED56-CDAC-40BB-A026-5D6A09DCB72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"DE047F80-1FC1-460E-9C48-8515D8E34558", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "82F5BB46-9B6E-44D0-9049-02EEF8411FA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "33C325D9-CB88-430F-B1AE-3544C7176398", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "46371C56-6120-414C-8F95-F5297753F6B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "F45F2752-8B5B-489D-8BAC-654B79D55416", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc3:*:*:*:*:*:*", "matchCriteriaId": "C1DC976B-1AB0-4DC4-AF6C-697CE06B9E64", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1E86D15-8435-46B9-88FF-8A51771C55E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "543C8E63-9A49-4D6A-899A-7D244D0CCC17", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "00AFB893-E37A-4E81-A984-66D677161D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "312703C9-7145-4599-8B2C-6EF7BC060A07", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E751061C-DFC1-4EB5-8FBB-20183C61E45F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "E439C79E-EDAB-42AE-850A-E81A6F321058", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.80:*:*:*:*:*:*:*", "matchCriteriaId": "137A7FA6-6007-4485-944B-89BB8BAC9BD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.85:*:*:*:*:*:*:*", "matchCriteriaId": "8AFEA933-CCDC-4F56-B80B-75480893049A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.7.86:*:*:*:*:*:*:*", "matchCriteriaId": "54C5A322-524D-475F-9343-B63C2581348D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EA620414-F78C-49C2-AC29-7CCCCC15B4D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A12FC95C-F9A7-4E47-AC07-F680D4436156", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D6101EAE-CB0E-4AB2-BCDC-9B4354422940", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "46059518-DCCB-410A-B7FD-FAF5F9DF9498", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CB1FAAF6-4403-4A45-B0D8-F9E4752C0CBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "A6E90C9D-CCEF-47CE-BED1-16BF37927998", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "13410E37-9A6A-4A33-BB97-6B4D96AA11FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "02949074-A703-4F6E-BBA7-B79021A1377E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C440174-183B-423B-8E85-37E78EB43A91", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"4CED5D54-C62B-4543-9C36-D76489EA3CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0B9A9DF7-8700-4CD4-9DAA-5368066F17A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "AC116B6E-F6A7-4885-B592-635EE06B6E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "9635AFA4-24E6-4893-8B4B-57FE811A758D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "546F1582-B85F-4D4F-840C-6257F1DE05E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "D8DB6F17-FF2F-4DCA-A8D1-C3E0D42ACCAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "32BE1C0B-D379-4A51-8188-B660730539AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "E2E768F1-80EA-4016-837E-9B92A3954F8B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C35364B8-6BB7-439D-9450-08FB11639E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F84987A7-103B-4473-9D4F-9F28880F6D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "5C89298A-DA7A-4DDD-A420-5B5BC0ABAF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "60F0CE6D-3DFA-4432-9615-78718C1D5583", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A65F27F5-D134-4B94-BF93-CE32065B75B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1D6E744-5181-4E94-8B9B-3CA83648C7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5315BD2E-AE5F-49F9-8451-0D2D64CE56B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "087B001A-78B6-46EB-8623-D8C680243867", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a group membership." }, { "lang": "es", "value": "Best Practical Solutions RT 3.x anteriores a 3.8.12 y 4.x anteriores a 4.0.6 no deshabilitan apropiadamente los grupos, lo que permite a usuarios autenticados remotos evitar las restricciones de acceso previstas en determinadas circunstancias utilizando una pertenencia a grupo." 
} ], "id": "CVE-2011-4459", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-06-04T19:55:01.807", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/49259" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/53660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53660" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-06-04 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:*:*:*:*:*:*:*:*", "matchCriteriaId": "DFEE1FCA-3AE6-4181-A79A-CC4829757259", "versionEndIncluding": "3.8.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "798C7256-C8A7-46EA-BE0C-685620CF78AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC812A18-628E-4EFA-95C7-010694423894", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "05EFCBF0-4447-4457-92B9-587A28C2D8E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0E9A6E50-5666-48BF-8FD7-2668D8AD7344", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "915FBC54-78F1-43AC-8394-AA25BC9F88F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6F083E35-4189-45E9-A1A1-9062C88ED144", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "D6C9869E-5949-4C1E-AED7-3A8FB3C133F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FC2090D7-2796-44E9-8330-CE874E9514E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B558A64D-2E06-416C-85F5-AAFFD18096D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3A24FF7-A1B0-4998-A0F8-6E5D70901299", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F01659AA-9146-4238-9FEE-70D345D31094", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0EA74674-D04E-4458-ADF0-C733E9592B05", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8F4ACD97-35AD-4E23-83FC-E39016936EFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF589DDB-4348-4A55-9468-DBB5F03C82F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C59D941-22C2-41A7-B9BA-4CBDA3E71F5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DB507C08-D3CC-4AC8-9BAC-EED9FD09E1D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A50288EA-2628-47D7-9F25-EE514B9083F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "91868A78-C6C7-4C03-95B3-755816F8C663", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4B4383B-20C5-4620-8107-255AD3D45D2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "09A128B7-AA70-49DD-A20E-B9BB7D23A4EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "88EFA7E0-C472-4E93-8E38-98DFCCD37EEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "6E6381E7-1C01-4239-A02F-C6DB5D775F7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "4120F4E4-E4EB-434C-9764-370102198554", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E1CA0866-CC49-4956-9493-849069B4485B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "565B7E66-BD96-419A-8EC2-FE971BDC47A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": 
"FAC1443B-50C8-4E98-9900-CACFEA5AD00D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F451959A-5305-4210-977B-6B396BC0A4F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA418CF5-49D6-4E0E-A1B5-8CB23752989D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8E238F87-8D8C-4E62-A8F0-3DB9EFDB8328", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3FD8A7EF-5DB8-40C6-9124-A97A23B3EA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2AD553B8-8495-47E5-A543-4DC963B3511A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "28ADB191-4787-4FDB-B70A-F4C8BDF0F4B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "2772389A-9BCD-4B13-88C8-75BC64E40AF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B1F9D05F-C86D-40D8-A7D9-5448918B72DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "311485DA-5381-4EAD-AF58-B8C67373413A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "2EAF6671-8C77-448B-BF29-E2CF51176CC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B55D762D-A723-435C-8D80-F7230F1648D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "4CC63EDC-541E-445D-8B72-799E4184B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:pre1:*:*:*:*:*:*", "matchCriteriaId": "0EF72E77-6239-4DAB-945C-4B13700E78E9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.0.10:pre2:*:*:*:*:*:*", "matchCriteriaId": "8355F0C0-4DA0-41AC-8051-2C04D9999685", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "3A5B2131-A083-4B8A-8B45-F8A8BEF06BF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "D5E6196E-4A90-4F64-BA99-A8E04A09D5ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "E61CEFCD-49F2-465F-AB2C-97DC18D1543B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:rc3:*:*:*:*:*:*", "matchCriteriaId": "FCA20CA1-D33C-4609-A281-ED5A4D92E2F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:rc4:*:*:*:*:*:*", "matchCriteriaId": "3EF32CB2-6057-4DFF-8E6A-72B1E2E01D6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "91D7CE86-3FCD-472E-BF01-31FFB36701BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A295B774-B2C6-4AE0-882A-B66DF14C0074", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A01B64B7-0FCB-4B5E-85E0-DA56F1435ECF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0343F2B3-AF01-426D-8C01-AFB5C9030E50", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5CE952D4-9007-4FE0-A58D-B0A225458C09", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "ECF07E00-0662-4A28-A5B8-AA1813545E45", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "58E23D2E-3AF8-4D6B-BFE3-16E48BC85809", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"0FE28027-A500-454E-85F8-A2C8D2E34EDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "4FB2CF89-FB9B-4C8A-8590-6FC29CADD8B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "69AA8284-4A34-4748-B8B3-9EE57FC58032", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "5D488FC4-78E4-46D4-A752-89070583077D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "3EFB43D5-E6FF-47F9-8D6A-3B6B36417D85", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "5D853DB7-318F-4EAD-BC10-D7C941AE8841", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "AB92945C-3DE7-43C5-A871-DBCE5E82F945", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "338B3ECA-954D-4909-96FC-B15B0E5A36D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "78414EA2-BDC0-4E6F-976A-F6E1F88E79EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "70B3F0B2-8C70-4046-AAA0-FBD344FE4DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "2D97508D-348E-46A3-8007-4D81084687D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4A6BBFDC-91A3-4A17-B581-12CBBC4FE0F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1126CD28-73D9-4F31-8E37-9D7804897A4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "24511FB5-0BCF-4407-9B96-CD78B54A9B24", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCD0173D-F699-4864-8856-D1792BDA0F84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "71CD2D3B-8E24-4FD3-9546-21DFAADA0440", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "82652BAD-AC45-424C-8D8B-E82C18EFD7C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "7CCA8BFD-E566-47AC-9183-08E0D22ACACB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "9A16EA9C-4414-4FEB-AF20-1502FB02BD8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "19CC2E53-5DE8-4A31-9B8A-79335DFBAFEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "B0F029E8-5507-41D8-9703-379C331ACEC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "404AFC5C-20B4-41E5-ACDE-56626D68AFEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "49F6A2BA-82DA-4AC9-8DD0-7FC14E1F08F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "51E8FC92-0C19-4C64-BA9F-51B43500B2DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F37D1380-965B-40E0-8A20-61FEA072B8D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F873FABC-89D1-49C1-A6BC-ACEB230F4620", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "2B8BE811-5465-4153-B915-9F1BBE6E2133", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": 
"D67F6099-D302-4823-A83F-9AD23F573F38", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "907B5E42-DB06-4834-B522-6B708E674122", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "9EDAA418-2B5A-45C2-B767-D99037EB17F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "A7D7BAD4-AC39-4856-B784-823DD15AF80B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E101B0FE-499F-44D8-8B68-BB7FEE40D2B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "747D8CD1-EE12-48A4-A795-88BC66A8DA33", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "80EE7785-CCA3-4AC6-980D-8C4E3E1C5A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "0CA65453-4879-4DA8-8600-2F8ECFED548F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE201D-F31A-4738-B9AB-7BB11417990E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "C4B10D10-9494-4B9D-9A35-4D768A836ED9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "9B00B086-3318-4B5A-801D-7428DA9DB6C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6ED4EC-F860-47BD-B699-551FB5DBF039", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:pre1:*:*:*:*:*:*", "matchCriteriaId": "75509078-F1EC-49A2-A644-5F8A6C02A24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:pre2:*:*:*:*:*:*", "matchCriteriaId": "7940D1FB-A283-43EF-AC9D-98DB7CCFEC2D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.4.4:pre3:*:*:*:*:*:*", "matchCriteriaId": "805469B4-93CD-4007-9782-BEA976E6083A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "E3398823-1813-4D7B-9EC9-74222A240051", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:pre1:*:*:*:*:*:*", "matchCriteriaId": "7A5A50E4-21C1-4F9B-BB82-3D18D91C9161", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "0748D99F-D40E-4161-B561-DE0EA4A4375A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "BFCA4BA0-633F-42CF-9A38-3036C0F147ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "F98B7895-BDB3-477C-8B34-88BD3E02EAFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "16638B6B-32FC-42A5-A7A2-0C43FE22F801", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "C195A011-5BAC-46B0-B57E-4B193D442601", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "A6F8C186-8240-4F5E-8D1E-D705FB87A309", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5849DB3-69F8-428E-89D4-AAC932E6CF6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "E842B21F-5163-445F-8285-A4AFD42A5D78", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "5ED87C9D-5D46-48A1-B6C7-31F92C340C99", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "B13961D0-754F-4EE9-A7B7-5D892AA9F1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"AAB2E1B1-F394-463C-AB6F-8D3741D57A8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "194D87BE-AFD2-4775-8234-0CC8E41BFEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "19449938-2B92-44AC-89B2-21F142E65928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1512169D-DCEF-4964-B05A-3DF19CDE8F57", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:pre0:*:*:*:*:*:*", "matchCriteriaId": "EFD15E92-3DB1-41F0-8AF4-94120394B97D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "7E20EB81-E828-41AE-AC95-FEE91D0CA757", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "04B642C3-1295-4E8D-B104-4291361FA540", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E5CDF725-3D97-43A4-9775-D4D4203C6B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9A64C7A4-A76D-4855-B96B-CCC3479B0E61", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B427F5D4-ACD6-46E5-B94F-CA30330C6492", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:pre2:*:*:*:*:*:*", "matchCriteriaId": "3A0CBD58-D037-4524-AE62-6961B096BB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "99F684A7-A7DD-45C4-8FF6-66FDCFDBCBBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "0C15AE0F-E78D-4211-B5D1-83185A65FD18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9B38C33-D680-4285-A849-E6CDA9F4802F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.6.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "851C27A0-32C4-4F01-ACE8-9C71686704EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "48532322-0172-4DDA-986F-2D5B0AB9833A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc4:*:*:*:*:*:*", "matchCriteriaId": "29273C2E-8622-43F1-9222-5E037492DC46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc5:*:*:*:*:*:*", "matchCriteriaId": "D0A3E995-8046-4B14-A22E-7ADDCBC3A43E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "646CFD82-15FE-48E4-83C9-E3E037E9F928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "F51F5333-4645-41E6-850E-D3EFC5B16A46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "B9886244-AFAA-40B5-958C-8D9AF28F3001", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "7E404ED1-94E0-4A2F-A9F7-F941FDB0782A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc4:*:*:*:*:*:*", "matchCriteriaId": "A88BCABC-A39D-41BA-9DB8-DBB67483450A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "57404A14-6E1C-4F3B-8120-75F1073A3E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "1EA8E78A-65E5-4A35-8CE5-589453DF4AC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:rc2:*:*:*:*:*:*", "matchCriteriaId": "3D8F5FD8-232E-4025-A6EF-BFE453D3AF7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F40ED56-CDAC-40BB-A026-5D6A09DCB72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"DE047F80-1FC1-460E-9C48-8515D8E34558", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "82F5BB46-9B6E-44D0-9049-02EEF8411FA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "33C325D9-CB88-430F-B1AE-3544C7176398", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "46371C56-6120-414C-8F95-F5297753F6B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "F45F2752-8B5B-489D-8BAC-654B79D55416", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc3:*:*:*:*:*:*", "matchCriteriaId": "C1DC976B-1AB0-4DC4-AF6C-697CE06B9E64", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1E86D15-8435-46B9-88FF-8A51771C55E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "543C8E63-9A49-4D6A-899A-7D244D0CCC17", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "00AFB893-E37A-4E81-A984-66D677161D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "312703C9-7145-4599-8B2C-6EF7BC060A07", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E751061C-DFC1-4EB5-8FBB-20183C61E45F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "E439C79E-EDAB-42AE-850A-E81A6F321058", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.80:*:*:*:*:*:*:*", "matchCriteriaId": "137A7FA6-6007-4485-944B-89BB8BAC9BD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.85:*:*:*:*:*:*:*", "matchCriteriaId": "8AFEA933-CCDC-4F56-B80B-75480893049A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.7.86:*:*:*:*:*:*:*", "matchCriteriaId": "54C5A322-524D-475F-9343-B63C2581348D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EA620414-F78C-49C2-AC29-7CCCCC15B4D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A12FC95C-F9A7-4E47-AC07-F680D4436156", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D6101EAE-CB0E-4AB2-BCDC-9B4354422940", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "46059518-DCCB-410A-B7FD-FAF5F9DF9498", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CB1FAAF6-4403-4A45-B0D8-F9E4752C0CBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "A6E90C9D-CCEF-47CE-BED1-16BF37927998", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "13410E37-9A6A-4A33-BB97-6B4D96AA11FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "02949074-A703-4F6E-BBA7-B79021A1377E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C440174-183B-423B-8E85-37E78EB43A91", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"4CED5D54-C62B-4543-9C36-D76489EA3CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0B9A9DF7-8700-4CD4-9DAA-5368066F17A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "AC116B6E-F6A7-4885-B592-635EE06B6E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "9635AFA4-24E6-4893-8B4B-57FE811A758D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "546F1582-B85F-4D4F-840C-6257F1DE05E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "D8DB6F17-FF2F-4DCA-A8D1-C3E0D42ACCAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "32BE1C0B-D379-4A51-8188-B660730539AF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C35364B8-6BB7-439D-9450-08FB11639E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F84987A7-103B-4473-9D4F-9F28880F6D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "5C89298A-DA7A-4DDD-A420-5B5BC0ABAF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "60F0CE6D-3DFA-4432-9615-78718C1D5583", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A65F27F5-D134-4B94-BF93-CE32065B75B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1D6E744-5181-4E94-8B9B-3CA83648C7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5315BD2E-AE5F-49F9-8451-0D2D64CE56B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "087B001A-78B6-46EB-8623-D8C680243867", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Best Practical Solutions RT anteriores a 3.8.12 y 4.x anteriores a 4.0.6. Permiten a usuarios remotos secuestrar (hijack) la autenticaci\u00f3n de usuarios arbitrarios." 
} ], "id": "CVE-2011-2085", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-06-04T19:55:01.680", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/49259" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/53660" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/49259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-15 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:jesse_vincent:extension\\:\\:mobileui:*:*:*:*:*:*:*:*", "matchCriteriaId": "E54DEA31-7275-4F1D-9CA7-481E85CA70C0", "versionEndIncluding": "1.01", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:*:*:*:*:*:*:*:*", "matchCriteriaId": "76775531-A79C-460A-B870-AABF7F95E374", "versionEndIncluding": "4.0.5", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EA620414-F78C-49C2-AC29-7CCCCC15B4D7", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A12FC95C-F9A7-4E47-AC07-F680D4436156", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D6101EAE-CB0E-4AB2-BCDC-9B4354422940", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "46059518-DCCB-410A-B7FD-FAF5F9DF9498", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CB1FAAF6-4403-4A45-B0D8-F9E4752C0CBD", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "A6E90C9D-CCEF-47CE-BED1-16BF37927998", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "13410E37-9A6A-4A33-BB97-6B4D96AA11FB", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "02949074-A703-4F6E-BBA7-B79021A1377E", "vulnerable": false }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C440174-183B-423B-8E85-37E78EB43A91", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "4CED5D54-C62B-4543-9C36-D76489EA3CED", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0B9A9DF7-8700-4CD4-9DAA-5368066F17A7", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "AC116B6E-F6A7-4885-B592-635EE06B6E05", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "9635AFA4-24E6-4893-8B4B-57FE811A758D", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"E4BF6295-E0EF-44B8-A694-348EF39371BD", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "546F1582-B85F-4D4F-840C-6257F1DE05E6", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "D8DB6F17-FF2F-4DCA-A8D1-C3E0D42ACCAB", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "32BE1C0B-D379-4A51-8188-B660730539AF", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "E2E768F1-80EA-4016-837E-9B92A3954F8B", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C35364B8-6BB7-439D-9450-08FB11639E76", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F84987A7-103B-4473-9D4F-9F28880F6D9F", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": false }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "5C89298A-DA7A-4DDD-A420-5B5BC0ABAF7E", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "60F0CE6D-3DFA-4432-9615-78718C1D5583", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A65F27F5-D134-4B94-BF93-CE32065B75B2", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1D6E744-5181-4E94-8B9B-3CA83648C7A7", "vulnerable": false }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5315BD2E-AE5F-49F9-8451-0D2D64CE56B1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
}, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en la p\u00e1gina de administraci\u00f3n de temas en la extensi\u00f3n Extension::MobileUI anterior a v1.02 para (Best Practical Solutions RT) v3.8.x y en (Best Practical Solutions RT) anterior a v4.0.6." } ], "id": "CVE-2012-2769", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-08-15T21:55:01.680", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-July/000208.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50010" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/54684" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77211" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-July/000208.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/54684" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/77211" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-11-11 13:00
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P)
Summary
Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks.
References
Impacted products
Vendor | Product | Version | Update |
---|---|---|---|
bestpractical | rt | 3.8.12 | |
bestpractical | rt | 3.8.13 | |
bestpractical | rt | 3.8.13 | rc1 |
bestpractical | rt | 3.8.13 | rc2 |
bestpractical | rt | 3.8.14 | |
bestpractical | rt | 3.8.14 | rc1 |
bestpractical | rt | 4.0.6 | |
bestpractical | rt | 4.0.7 | rc1 |
bestpractical | rt | 4.0.8 | rc1 |
bestpractical | rt | 4.0.8 | rc2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C35364B8-6BB7-439D-9450-08FB11639E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "0A205895-B227-49C0-879A-72FB0BDA8A6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "B5E26C51-9F68-4A2E-9B91-CD90C91E1791", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "C4581C2F-8573-41DD-8730-864D66053BE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "5822BA44-EF00-43AD-80AF-5AF8719E0C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "4DC9BA2D-948D-42DE-A0AF-35BE5BE5F941", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5467F5A9-7FFE-4ED6-90A4-490D886B6F01", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "A67F3E23-4345-449E-83C6-219A08412A09", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "20972E11-0401-4DA2-94D5-2A35F5E1AA95", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "E81D1019-C2A1-47CA-B3C9-D208BFDE1391", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks." 
}, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de falsificaci\u00f3n de peticiones en sitios cruzados (CSRF) en Request Tracker (RT) v3.8.12 y otras versiones anteriores v3.8.15 y v4.0.6 y otras versiones antes de v4.0.8, permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios para las peticiones que alternan los marcadores de entradas." } ], "id": "CVE-2012-4732", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-11-11T13:00:59.400", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/86714" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/86714" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-08-23 16:55
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 6.0, AV:N/AC:M/Au:S/C:P/I:P/A:P)
Summary
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:preflight1:*:*:*:*:*:*", "matchCriteriaId": "34A06E8A-1591-4ED9-AE0D-4A95E3327FB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EA620414-F78C-49C2-AC29-7CCCCC15B4D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A12FC95C-F9A7-4E47-AC07-F680D4436156", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D6101EAE-CB0E-4AB2-BCDC-9B4354422940", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:preflight0:*:*:*:*:*:*", "matchCriteriaId": "54941FC4-7DD6-4F6D-AA14-296045D55C44", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "46059518-DCCB-410A-B7FD-FAF5F9DF9498", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CB1FAAF6-4403-4A45-B0D8-F9E4752C0CBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "A6E90C9D-CCEF-47CE-BED1-16BF37927998", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "13410E37-9A6A-4A33-BB97-6B4D96AA11FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "02949074-A703-4F6E-BBA7-B79021A1377E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C440174-183B-423B-8E85-37E78EB43A91", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "4CED5D54-C62B-4543-9C36-D76489EA3CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0B9A9DF7-8700-4CD4-9DAA-5368066F17A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "AC116B6E-F6A7-4885-B592-635EE06B6E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "9635AFA4-24E6-4893-8B4B-57FE811A758D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "546F1582-B85F-4D4F-840C-6257F1DE05E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "D8DB6F17-FF2F-4DCA-A8D1-C3E0D42ACCAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "32BE1C0B-D379-4A51-8188-B660730539AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "DDD10111-15EC-4749-BC02-97979FFFA370", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "E2E768F1-80EA-4016-837E-9B92A3954F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "82B26A8A-701E-4144-BE4A-E7C886C2E7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "2C19BF7A-B957-422B-8B93-DB1B986979AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C35364B8-6BB7-439D-9450-08FB11639E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "0A205895-B227-49C0-879A-72FB0BDA8A6F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "B5E26C51-9F68-4A2E-9B91-CD90C91E1791", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "C4581C2F-8573-41DD-8730-864D66053BE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "5822BA44-EF00-43AD-80AF-5AF8719E0C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "4DC9BA2D-948D-42DE-A0AF-35BE5BE5F941", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.15:*:*:*:*:*:*:*", "matchCriteriaId": "AE10624B-CEC3-4851-8C40-04DEDB17A4A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.16:*:*:*:*:*:*:*", "matchCriteriaId": "4FE28E11-DE45-44AF-929A-A0F48D14FBE8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F84987A7-103B-4473-9D4F-9F28880F6D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "5C89298A-DA7A-4DDD-A420-5B5BC0ABAF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "60F0CE6D-3DFA-4432-9615-78718C1D5583", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "F478B6AB-8B47-46A2-BEA7-9FF24F4A7026", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "A7CA2655-8B75-4DFF-9B30-1B9839B87D9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A65F27F5-D134-4B94-BF93-CE32065B75B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9D976231-5D79-4C48-BFFA-39E3E7FE35A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "F35ABA0F-6072-433E-AAA5-3B0BB219B404", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1D6E744-5181-4E94-8B9B-3CA83648C7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "886BD643-B430-4E7A-BC33-50A1B01515D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "8C469BBE-00A5-4B19-91E4-5C5DF3210BA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5315BD2E-AE5F-49F9-8451-0D2D64CE56B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "087B001A-78B6-46EB-8623-D8C680243867", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"E39EBCE5-FB2E-475E-9EF4-263416315A34", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5467F5A9-7FFE-4ED6-90A4-490D886B6F01", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "252B0169-58A5-4AF4-BB71-08D0A874B616", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "A67F3E23-4345-449E-83C6-219A08412A09", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "BAFB3374-D0EA-4962-B2B6-4B7A336F874F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "20972E11-0401-4DA2-94D5-2A35F5E1AA95", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "E81D1019-C2A1-47CA-B3C9-D208BFDE1391", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "45AD36C4-069B-4A2F-ACAE-E2EF7BC1CA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "15112BC0-8C03-4417-A0EB-123C326E6F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "685B747F-6C34-4D76-B1A3-652EF2480D5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "A8E6D6E2-13A1-4AF9-B1A2-414588CCBD35", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors." 
}, { "lang": "es", "value": "Request Tracker (RT) v3.8.x anterior a v3.8.17 y v4.0.x anterior a v4.0.13 permite a los usuarios remotos autenticados con los permisos para ver las p\u00e1ginas de administraci\u00f3n para ejecutar a su elecci\u00f3n los componentes privados a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2013-3369", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-08-23T16:55:07.203", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53505" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53522" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2012/dsa-2670" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/93610" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53522" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/93610" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-04-22 10:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B558A64D-2E06-416C-85F5-AAFFD18096D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3A24FF7-A1B0-4998-A0F8-6E5D70901299", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F01659AA-9146-4238-9FEE-70D345D31094", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0EA74674-D04E-4458-ADF0-C733E9592B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8F4ACD97-35AD-4E23-83FC-E39016936EFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF589DDB-4348-4A55-9468-DBB5F03C82F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C59D941-22C2-41A7-B9BA-4CBDA3E71F5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DB507C08-D3CC-4AC8-9BAC-EED9FD09E1D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A50288EA-2628-47D7-9F25-EE514B9083F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "91868A78-C6C7-4C03-95B3-755816F8C663", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4B4383B-20C5-4620-8107-255AD3D45D2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "09A128B7-AA70-49DD-A20E-B9BB7D23A4EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "88EFA7E0-C472-4E93-8E38-98DFCCD37EEE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "6E6381E7-1C01-4239-A02F-C6DB5D775F7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "4120F4E4-E4EB-434C-9764-370102198554", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E1CA0866-CC49-4956-9493-849069B4485B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "565B7E66-BD96-419A-8EC2-FE971BDC47A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "FAC1443B-50C8-4E98-9900-CACFEA5AD00D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F451959A-5305-4210-977B-6B396BC0A4F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA418CF5-49D6-4E0E-A1B5-8CB23752989D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8E238F87-8D8C-4E62-A8F0-3DB9EFDB8328", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3FD8A7EF-5DB8-40C6-9124-A97A23B3EA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2AD553B8-8495-47E5-A543-4DC963B3511A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "28ADB191-4787-4FDB-B70A-F4C8BDF0F4B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "2772389A-9BCD-4B13-88C8-75BC64E40AF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B1F9D05F-C86D-40D8-A7D9-5448918B72DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"311485DA-5381-4EAD-AF58-B8C67373413A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "2EAF6671-8C77-448B-BF29-E2CF51176CC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B55D762D-A723-435C-8D80-F7230F1648D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "4CC63EDC-541E-445D-8B72-799E4184B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "D5E6196E-4A90-4F64-BA99-A8E04A09D5ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "91D7CE86-3FCD-472E-BF01-31FFB36701BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "70B3F0B2-8C70-4046-AAA0-FBD344FE4DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCD0173D-F699-4864-8856-D1792BDA0F84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "19CC2E53-5DE8-4A31-9B8A-79335DFBAFEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "404AFC5C-20B4-41E5-ACDE-56626D68AFEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F37D1380-965B-40E0-8A20-61FEA072B8D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E101B0FE-499F-44D8-8B68-BB7FEE40D2B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "747D8CD1-EE12-48A4-A795-88BC66A8DA33", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE201D-F31A-4738-B9AB-7BB11417990E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6ED4EC-F860-47BD-B699-551FB5DBF039", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "E3398823-1813-4D7B-9EC9-74222A240051", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "F98B7895-BDB3-477C-8B34-88BD3E02EAFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1512169D-DCEF-4964-B05A-3DF19CDE8F57", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B427F5D4-ACD6-46E5-B94F-CA30330C6492", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9B38C33-D680-4285-A849-E6CDA9F4802F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "646CFD82-15FE-48E4-83C9-E3E037E9F928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "57404A14-6E1C-4F3B-8120-75F1073A3E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F40ED56-CDAC-40BB-A026-5D6A09DCB72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "33C325D9-CB88-430F-B1AE-3544C7176398", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1E86D15-8435-46B9-88FF-8A51771C55E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "543C8E63-9A49-4D6A-899A-7D244D0CCC17", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "00AFB893-E37A-4E81-A984-66D677161D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "312703C9-7145-4599-8B2C-6EF7BC060A07", 
"vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "546F1582-B85F-4D4F-840C-6257F1DE05E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "D8DB6F17-FF2F-4DCA-A8D1-C3E0D42ACCAB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in Best Practical 
Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Best Practical Solutions RT v2.0.0 hasta v3.6.10, v3.8.0 hasta v3.8.9, y v4.0.0rc hasta 4.0.0rc7 permiten a usuarios remotos autenticados ejecutar comandos SQL a trav\u00e9s de vectores no especificados, como se demostr\u00f3 mediante la lectura de datos." } ], "id": "CVE-2011-1686", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-04-22T10:55:02.343", "references": [ { "source": "cve@mitre.org", "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44189" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2011/dsa-2220" }, { "source": 
"cve@mitre.org", "url": "http://www.securityfocus.com/bid/47383" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44189" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66792" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-08-23 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bestpractical | rt | 4.0.0 | |
bestpractical | rt | 4.0.0 | |
bestpractical | rt | 4.0.0 | |
bestpractical | rt | 4.0.0 | |
bestpractical | rt | 4.0.0 | |
bestpractical | rt | 4.0.0 | |
bestpractical | rt | 4.0.0 | |
bestpractical | rt | 4.0.0 | |
bestpractical | rt | 4.0.0 | |
bestpractical | rt | 4.0.1 | |
bestpractical | rt | 4.0.1 | |
bestpractical | rt | 4.0.1 | |
bestpractical | rt | 4.0.2 | |
bestpractical | rt | 4.0.2 | |
bestpractical | rt | 4.0.2 | |
bestpractical | rt | 4.0.3 | |
bestpractical | rt | 4.0.3 | |
bestpractical | rt | 4.0.3 | |
bestpractical | rt | 4.0.4 | |
bestpractical | rt | 4.0.5 | |
bestpractical | rt | 4.0.5 | |
bestpractical | rt | 4.0.6 | |
bestpractical | rt | 4.0.7 | |
bestpractical | rt | 4.0.7 | |
bestpractical | rt | 4.0.8 | |
bestpractical | rt | 4.0.8 | |
bestpractical | rt | 4.0.8 | |
bestpractical | rt | 4.0.9 | |
bestpractical | rt | 4.0.10 | |
bestpractical | rt | 4.0.11 | |
bestpractical | rt | 4.0.12 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F84987A7-103B-4473-9D4F-9F28880F6D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "5C89298A-DA7A-4DDD-A420-5B5BC0ABAF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "60F0CE6D-3DFA-4432-9615-78718C1D5583", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "F478B6AB-8B47-46A2-BEA7-9FF24F4A7026", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "A7CA2655-8B75-4DFF-9B30-1B9839B87D9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A65F27F5-D134-4B94-BF93-CE32065B75B2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:4.0.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9D976231-5D79-4C48-BFFA-39E3E7FE35A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "F35ABA0F-6072-433E-AAA5-3B0BB219B404", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1D6E744-5181-4E94-8B9B-3CA83648C7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "886BD643-B430-4E7A-BC33-50A1B01515D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "8C469BBE-00A5-4B19-91E4-5C5DF3210BA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5315BD2E-AE5F-49F9-8451-0D2D64CE56B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "087B001A-78B6-46EB-8623-D8C680243867", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "E39EBCE5-FB2E-475E-9EF4-263416315A34", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5467F5A9-7FFE-4ED6-90A4-490D886B6F01", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "252B0169-58A5-4AF4-BB71-08D0A874B616", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "A67F3E23-4345-449E-83C6-219A08412A09", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "BAFB3374-D0EA-4962-B2B6-4B7A336F874F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "20972E11-0401-4DA2-94D5-2A35F5E1AA95", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"E81D1019-C2A1-47CA-B3C9-D208BFDE1391", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "45AD36C4-069B-4A2F-ACAE-E2EF7BC1CA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "15112BC0-8C03-4417-A0EB-123C326E6F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "685B747F-6C34-4D76-B1A3-652EF2480D5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "A8E6D6E2-13A1-4AF9-B1A2-414588CCBD35", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions." }, { "lang": "es", "value": "Vulnerabilidad Cross-site scripting (XSS) en Request Tracker (RT) v4.x anterior a v4.0.13, cuando se configura MakeClicky, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s una URL en un ticket. NOTA: este problema se ha dividido desde CVE-2013-3371 debido a las diferentes versiones afectadas." 
} ], "id": "CVE-2013-5587", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-08-23T16:55:07.407", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/53505" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53522" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2012/dsa-2670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/53505" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53522" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2670" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-08-23 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F84987A7-103B-4473-9D4F-9F28880F6D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "5C89298A-DA7A-4DDD-A420-5B5BC0ABAF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "60F0CE6D-3DFA-4432-9615-78718C1D5583", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "F478B6AB-8B47-46A2-BEA7-9FF24F4A7026", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "A7CA2655-8B75-4DFF-9B30-1B9839B87D9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A65F27F5-D134-4B94-BF93-CE32065B75B2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:4.0.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9D976231-5D79-4C48-BFFA-39E3E7FE35A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "F35ABA0F-6072-433E-AAA5-3B0BB219B404", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1D6E744-5181-4E94-8B9B-3CA83648C7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "886BD643-B430-4E7A-BC33-50A1B01515D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "8C469BBE-00A5-4B19-91E4-5C5DF3210BA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5315BD2E-AE5F-49F9-8451-0D2D64CE56B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "087B001A-78B6-46EB-8623-D8C680243867", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "E39EBCE5-FB2E-475E-9EF4-263416315A34", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5467F5A9-7FFE-4ED6-90A4-490D886B6F01", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "252B0169-58A5-4AF4-BB71-08D0A874B616", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "A67F3E23-4345-449E-83C6-219A08412A09", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "BAFB3374-D0EA-4962-B2B6-4B7A336F874F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "20972E11-0401-4DA2-94D5-2A35F5E1AA95", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"E81D1019-C2A1-47CA-B3C9-D208BFDE1391", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "45AD36C4-069B-4A2F-ACAE-E2EF7BC1CA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "15112BC0-8C03-4417-A0EB-123C326E6F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "685B747F-6C34-4D76-B1A3-652EF2480D5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "A8E6D6E2-13A1-4AF9-B1A2-414588CCBD35", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:preflight1:*:*:*:*:*:*", "matchCriteriaId": "34A06E8A-1591-4ED9-AE0D-4A95E3327FB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EA620414-F78C-49C2-AC29-7CCCCC15B4D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A12FC95C-F9A7-4E47-AC07-F680D4436156", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D6101EAE-CB0E-4AB2-BCDC-9B4354422940", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:preflight0:*:*:*:*:*:*", "matchCriteriaId": "54941FC4-7DD6-4F6D-AA14-296045D55C44", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "46059518-DCCB-410A-B7FD-FAF5F9DF9498", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"CB1FAAF6-4403-4A45-B0D8-F9E4752C0CBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "A6E90C9D-CCEF-47CE-BED1-16BF37927998", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "13410E37-9A6A-4A33-BB97-6B4D96AA11FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "02949074-A703-4F6E-BBA7-B79021A1377E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C440174-183B-423B-8E85-37E78EB43A91", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "4CED5D54-C62B-4543-9C36-D76489EA3CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0B9A9DF7-8700-4CD4-9DAA-5368066F17A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "AC116B6E-F6A7-4885-B592-635EE06B6E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "9635AFA4-24E6-4893-8B4B-57FE811A758D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "546F1582-B85F-4D4F-840C-6257F1DE05E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "D8DB6F17-FF2F-4DCA-A8D1-C3E0D42ACCAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "32BE1C0B-D379-4A51-8188-B660730539AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "DDD10111-15EC-4749-BC02-97979FFFA370", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": 
"E2E768F1-80EA-4016-837E-9B92A3954F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "82B26A8A-701E-4144-BE4A-E7C886C2E7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "2C19BF7A-B957-422B-8B93-DB1B986979AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C35364B8-6BB7-439D-9450-08FB11639E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "0A205895-B227-49C0-879A-72FB0BDA8A6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "B5E26C51-9F68-4A2E-9B91-CD90C91E1791", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "C4581C2F-8573-41DD-8730-864D66053BE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "5822BA44-EF00-43AD-80AF-5AF8719E0C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "4DC9BA2D-948D-42DE-A0AF-35BE5BE5F941", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.15:*:*:*:*:*:*:*", "matchCriteriaId": "AE10624B-CEC3-4851-8C40-04DEDB17A4A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.16:*:*:*:*:*:*:*", "matchCriteriaId": "4FE28E11-DE45-44AF-929A-A0F48D14FBE8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request." 
}, { "lang": "es", "value": "Request Tracker (RT) v3.8.x anterior a v3.8.17 y v4.0.x anterior a v4.0.13 no restringe adecuadamente el acceso a los componentes de devoluci\u00f3n de llamada privados, lo que permite a atacantes remotos tienen un impacto no especificado a trav\u00e9s de una petici\u00f3n directa." } ], "id": "CVE-2013-3370", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-08-23T16:55:07.233", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53505" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53522" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2012/dsa-2670" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/93609" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53522" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/93609" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-08-23 16:55
Modified
2025-04-11 00:51
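Severity: LOW (CVSS v2 base score 3.3, vector AV:L/AC:M/Au:N/C:N/I:P/A:P; the record's metrics carry only a CVSS v2 entry)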
Summary
bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F84987A7-103B-4473-9D4F-9F28880F6D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "5C89298A-DA7A-4DDD-A420-5B5BC0ABAF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "60F0CE6D-3DFA-4432-9615-78718C1D5583", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "F478B6AB-8B47-46A2-BEA7-9FF24F4A7026", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "A7CA2655-8B75-4DFF-9B30-1B9839B87D9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A65F27F5-D134-4B94-BF93-CE32065B75B2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:4.0.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9D976231-5D79-4C48-BFFA-39E3E7FE35A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "F35ABA0F-6072-433E-AAA5-3B0BB219B404", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1D6E744-5181-4E94-8B9B-3CA83648C7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "886BD643-B430-4E7A-BC33-50A1B01515D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "8C469BBE-00A5-4B19-91E4-5C5DF3210BA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5315BD2E-AE5F-49F9-8451-0D2D64CE56B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "087B001A-78B6-46EB-8623-D8C680243867", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "E39EBCE5-FB2E-475E-9EF4-263416315A34", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5467F5A9-7FFE-4ED6-90A4-490D886B6F01", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "252B0169-58A5-4AF4-BB71-08D0A874B616", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "A67F3E23-4345-449E-83C6-219A08412A09", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "BAFB3374-D0EA-4962-B2B6-4B7A336F874F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "20972E11-0401-4DA2-94D5-2A35F5E1AA95", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"E81D1019-C2A1-47CA-B3C9-D208BFDE1391", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "45AD36C4-069B-4A2F-ACAE-E2EF7BC1CA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "15112BC0-8C03-4417-A0EB-123C326E6F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "685B747F-6C34-4D76-B1A3-652EF2480D5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "A8E6D6E2-13A1-4AF9-B1A2-414588CCBD35", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:preflight1:*:*:*:*:*:*", "matchCriteriaId": "34A06E8A-1591-4ED9-AE0D-4A95E3327FB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EA620414-F78C-49C2-AC29-7CCCCC15B4D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A12FC95C-F9A7-4E47-AC07-F680D4436156", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D6101EAE-CB0E-4AB2-BCDC-9B4354422940", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:preflight0:*:*:*:*:*:*", "matchCriteriaId": "54941FC4-7DD6-4F6D-AA14-296045D55C44", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "46059518-DCCB-410A-B7FD-FAF5F9DF9498", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"CB1FAAF6-4403-4A45-B0D8-F9E4752C0CBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "A6E90C9D-CCEF-47CE-BED1-16BF37927998", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "13410E37-9A6A-4A33-BB97-6B4D96AA11FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "02949074-A703-4F6E-BBA7-B79021A1377E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C440174-183B-423B-8E85-37E78EB43A91", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "4CED5D54-C62B-4543-9C36-D76489EA3CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0B9A9DF7-8700-4CD4-9DAA-5368066F17A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "AC116B6E-F6A7-4885-B592-635EE06B6E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "9635AFA4-24E6-4893-8B4B-57FE811A758D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "546F1582-B85F-4D4F-840C-6257F1DE05E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "D8DB6F17-FF2F-4DCA-A8D1-C3E0D42ACCAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "32BE1C0B-D379-4A51-8188-B660730539AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "DDD10111-15EC-4749-BC02-97979FFFA370", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": 
"E2E768F1-80EA-4016-837E-9B92A3954F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "82B26A8A-701E-4144-BE4A-E7C886C2E7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "2C19BF7A-B957-422B-8B93-DB1B986979AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C35364B8-6BB7-439D-9450-08FB11639E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "0A205895-B227-49C0-879A-72FB0BDA8A6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "B5E26C51-9F68-4A2E-9B91-CD90C91E1791", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "C4581C2F-8573-41DD-8730-864D66053BE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "5822BA44-EF00-43AD-80AF-5AF8719E0C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "4DC9BA2D-948D-42DE-A0AF-35BE5BE5F941", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.15:*:*:*:*:*:*:*", "matchCriteriaId": "AE10624B-CEC3-4851-8C40-04DEDB17A4A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.16:*:*:*:*:*:*:*", "matchCriteriaId": "4FE28E11-DE45-44AF-929A-A0F48D14FBE8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name." 
}, { "lang": "es", "value": "bin/rt en Request Tracker (RT) v3.8.x anterior a v3.8.17 y v4.0.x anterior a v4.0.13 permite a los usuarios locales sobreescribir archivos arbitrarios a trav\u00e9s de un ataque de enlaces simb\u00f3licos en un archivo temporal con nombre predecible." } ], "id": "CVE-2013-3368", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-08-23T16:55:07.170", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53505" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53522" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2012/dsa-2670" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/93612" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], 
"url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53522" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/93612" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-11-17 18:30
Modified
2025-04-09 00:30
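Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N; the record's metrics carry only a CVSS v2 entry)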
Summary
Cross-site scripting (XSS) vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through 3.8.4 versions allows remote attackers to inject arbitrary web script or HTML via certain Custom Fields.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bestpractical | rt | 3.4.6 | |
bestpractical | rt | 3.6.0 | |
bestpractical | rt | 3.6.1 | |
bestpractical | rt | 3.6.2 | |
bestpractical | rt | 3.6.3 | |
bestpractical | rt | 3.6.4 | |
bestpractical | rt | 3.6.5 | |
bestpractical | rt | 3.6.6 | |
bestpractical | rt | 3.6.7 | |
bestpractical | rt | 3.6.8 | |
bestpractical | rt | 3.8.0 | |
bestpractical | rt | 3.8.1 | |
bestpractical | rt | 3.8.2 | |
bestpractical | rt | 3.8.3 | |
bestpractical | rt | 3.8.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "F98B7895-BDB3-477C-8B34-88BD3E02EAFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1512169D-DCEF-4964-B05A-3DF19CDE8F57", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B427F5D4-ACD6-46E5-B94F-CA30330C6492", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9B38C33-D680-4285-A849-E6CDA9F4802F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "646CFD82-15FE-48E4-83C9-E3E037E9F928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "57404A14-6E1C-4F3B-8120-75F1073A3E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F40ED56-CDAC-40BB-A026-5D6A09DCB72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "33C325D9-CB88-430F-B1AE-3544C7176398", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1E86D15-8435-46B9-88FF-8A51771C55E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "543C8E63-9A49-4D6A-899A-7D244D0CCC17", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", 
"matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through 3.8.4 versions allows remote attackers to inject arbitrary web script or HTML via certain Custom Fields." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Best Practical Solutions RT v3.6.x anteriores a v3.6.9, v3.8.x anteriores a v3.8.5, y otros desde v3.4.6 hasta v3.8.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de ciertos campos personalizados." } ], "id": "CVE-2009-3892", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-11-17T18:30:00.407", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546778" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000172.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": 
"http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000173.html" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2009/11/15/1" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2009/11/16/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546778" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000172.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000173.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2009/11/15/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2009/11/16/4" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-06-04 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-5092 and CVE-2011-5093.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1512169D-DCEF-4964-B05A-3DF19CDE8F57", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:pre0:*:*:*:*:*:*", "matchCriteriaId": "EFD15E92-3DB1-41F0-8AF4-94120394B97D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "7E20EB81-E828-41AE-AC95-FEE91D0CA757", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "04B642C3-1295-4E8D-B104-4291361FA540", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E5CDF725-3D97-43A4-9775-D4D4203C6B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9A64C7A4-A76D-4855-B96B-CCC3479B0E61", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B427F5D4-ACD6-46E5-B94F-CA30330C6492", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:pre2:*:*:*:*:*:*", "matchCriteriaId": "3A0CBD58-D037-4524-AE62-6961B096BB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "99F684A7-A7DD-45C4-8FF6-66FDCFDBCBBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "0C15AE0F-E78D-4211-B5D1-83185A65FD18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9B38C33-D680-4285-A849-E6CDA9F4802F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "851C27A0-32C4-4F01-ACE8-9C71686704EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "48532322-0172-4DDA-986F-2D5B0AB9833A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.6.2:rc4:*:*:*:*:*:*", "matchCriteriaId": "29273C2E-8622-43F1-9222-5E037492DC46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc5:*:*:*:*:*:*", "matchCriteriaId": "D0A3E995-8046-4B14-A22E-7ADDCBC3A43E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "646CFD82-15FE-48E4-83C9-E3E037E9F928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "F51F5333-4645-41E6-850E-D3EFC5B16A46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "B9886244-AFAA-40B5-958C-8D9AF28F3001", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "7E404ED1-94E0-4A2F-A9F7-F941FDB0782A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc4:*:*:*:*:*:*", "matchCriteriaId": "A88BCABC-A39D-41BA-9DB8-DBB67483450A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "57404A14-6E1C-4F3B-8120-75F1073A3E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "1EA8E78A-65E5-4A35-8CE5-589453DF4AC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:rc2:*:*:*:*:*:*", "matchCriteriaId": "3D8F5FD8-232E-4025-A6EF-BFE453D3AF7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F40ED56-CDAC-40BB-A026-5D6A09DCB72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "DE047F80-1FC1-460E-9C48-8515D8E34558", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "82F5BB46-9B6E-44D0-9049-02EEF8411FA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": 
"33C325D9-CB88-430F-B1AE-3544C7176398", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "46371C56-6120-414C-8F95-F5297753F6B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "F45F2752-8B5B-489D-8BAC-654B79D55416", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc3:*:*:*:*:*:*", "matchCriteriaId": "C1DC976B-1AB0-4DC4-AF6C-697CE06B9E64", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1E86D15-8435-46B9-88FF-8A51771C55E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "543C8E63-9A49-4D6A-899A-7D244D0CCC17", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "00AFB893-E37A-4E81-A984-66D677161D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "312703C9-7145-4599-8B2C-6EF7BC060A07", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E751061C-DFC1-4EB5-8FBB-20183C61E45F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "E439C79E-EDAB-42AE-850A-E81A6F321058", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.80:*:*:*:*:*:*:*", "matchCriteriaId": "137A7FA6-6007-4485-944B-89BB8BAC9BD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.85:*:*:*:*:*:*:*", "matchCriteriaId": "8AFEA933-CCDC-4F56-B80B-75480893049A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.86:*:*:*:*:*:*:*", "matchCriteriaId": "54C5A322-524D-475F-9343-B63C2581348D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EA620414-F78C-49C2-AC29-7CCCCC15B4D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A12FC95C-F9A7-4E47-AC07-F680D4436156", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D6101EAE-CB0E-4AB2-BCDC-9B4354422940", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "46059518-DCCB-410A-B7FD-FAF5F9DF9498", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CB1FAAF6-4403-4A45-B0D8-F9E4752C0CBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "A6E90C9D-CCEF-47CE-BED1-16BF37927998", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "13410E37-9A6A-4A33-BB97-6B4D96AA11FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "02949074-A703-4F6E-BBA7-B79021A1377E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C440174-183B-423B-8E85-37E78EB43A91", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "4CED5D54-C62B-4543-9C36-D76489EA3CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"0B9A9DF7-8700-4CD4-9DAA-5368066F17A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "AC116B6E-F6A7-4885-B592-635EE06B6E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "9635AFA4-24E6-4893-8B4B-57FE811A758D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "546F1582-B85F-4D4F-840C-6257F1DE05E6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "D8DB6F17-FF2F-4DCA-A8D1-C3E0D42ACCAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "32BE1C0B-D379-4A51-8188-B660730539AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "E2E768F1-80EA-4016-837E-9B92A3954F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F84987A7-103B-4473-9D4F-9F28880F6D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*", "matchCriteriaId": 
"5C89298A-DA7A-4DDD-A420-5B5BC0ABAF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "60F0CE6D-3DFA-4432-9615-78718C1D5583", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A65F27F5-D134-4B94-BF93-CE32065B75B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1D6E744-5181-4E94-8B9B-3CA83648C7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5315BD2E-AE5F-49F9-8451-0D2D64CE56B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "087B001A-78B6-46EB-8623-D8C680243867", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-5092 and CVE-2011-5093." }, { "lang": "es", "value": "Best Practical Solutions RT 3.6.x, 3.7.x, 3.8.x anteriores a 3.8.12 y 4.x anteriores a 4.0.6, si las opciones VERPPrefix y VERPDomain est\u00e1n habilitadas, permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores sin especificar. Una vulnerabilidad distinta a la CVE-2011-5092 y CVE-2011-5093." 
} ], "id": "CVE-2011-4458", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-06-04T19:55:01.727", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/49259" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/53660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49259" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53660" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-06-04 19:55
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 6.5, vector AV:N/AC:L/Au:S/C:P/I:P/A:P)
Summary
Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerability than CVE-2011-4458 and CVE-2011-5092.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bestpractical | rt | 3.8.12 | |
bestpractical | rt | 4.0.0 | |
bestpractical | rt | 4.0.0 | |
bestpractical | rt | 4.0.0 | |
bestpractical | rt | 4.0.0 | |
bestpractical | rt | 4.0.0 | |
bestpractical | rt | 4.0.0 | |
bestpractical | rt | 4.0.0 | |
bestpractical | rt | 4.0.0 | |
bestpractical | rt | 4.0.0 | |
bestpractical | rt | 4.0.1 | |
bestpractical | rt | 4.0.2 | |
bestpractical | rt | 4.0.3 | |
bestpractical | rt | 4.0.4 | |
bestpractical | rt | 4.0.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C35364B8-6BB7-439D-9450-08FB11639E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F84987A7-103B-4473-9D4F-9F28880F6D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "5C89298A-DA7A-4DDD-A420-5B5BC0ABAF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "60F0CE6D-3DFA-4432-9615-78718C1D5583", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A65F27F5-D134-4B94-BF93-CE32065B75B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1D6E744-5181-4E94-8B9B-3CA83648C7A7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5315BD2E-AE5F-49F9-8451-0D2D64CE56B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "087B001A-78B6-46EB-8623-D8C680243867", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerability than CVE-2011-4458 and CVE-2011-5092." }, { "lang": "es", "value": "Best Practical Solutions RT 4.x anteriores a 4.0.6 no implementa apropiadamente la opci\u00f3n DisallowExecuteCode, lo que permite a usuarios autenticados remotos evitar las restricciones de acceso previstas y ejecutar c\u00f3digo arbitrario utilizando el acceso a una cuenta con privilegios. Una vulnerabilidad distinta a la CVE-2011-4458 y CVE-2011-5092." 
} ], "id": "CVE-2011-5093", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-06-04T19:55:01.947", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-11-11 13:00
Modified
2025-04-11 00:51
Severity: LOW (CVSS v2 base score 3.5, vector AV:N/AC:M/Au:S/C:P/I:N/A:N)
Summary
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:preflight1:*:*:*:*:*:*", "matchCriteriaId": "34A06E8A-1591-4ED9-AE0D-4A95E3327FB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EA620414-F78C-49C2-AC29-7CCCCC15B4D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A12FC95C-F9A7-4E47-AC07-F680D4436156", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D6101EAE-CB0E-4AB2-BCDC-9B4354422940", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:preflight0:*:*:*:*:*:*", "matchCriteriaId": "54941FC4-7DD6-4F6D-AA14-296045D55C44", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "46059518-DCCB-410A-B7FD-FAF5F9DF9498", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CB1FAAF6-4403-4A45-B0D8-F9E4752C0CBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "A6E90C9D-CCEF-47CE-BED1-16BF37927998", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "13410E37-9A6A-4A33-BB97-6B4D96AA11FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "02949074-A703-4F6E-BBA7-B79021A1377E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C440174-183B-423B-8E85-37E78EB43A91", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "4CED5D54-C62B-4543-9C36-D76489EA3CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0B9A9DF7-8700-4CD4-9DAA-5368066F17A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "AC116B6E-F6A7-4885-B592-635EE06B6E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "9635AFA4-24E6-4893-8B4B-57FE811A758D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "546F1582-B85F-4D4F-840C-6257F1DE05E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "D8DB6F17-FF2F-4DCA-A8D1-C3E0D42ACCAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "32BE1C0B-D379-4A51-8188-B660730539AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "DDD10111-15EC-4749-BC02-97979FFFA370", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "E2E768F1-80EA-4016-837E-9B92A3954F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "82B26A8A-701E-4144-BE4A-E7C886C2E7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "2C19BF7A-B957-422B-8B93-DB1B986979AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C35364B8-6BB7-439D-9450-08FB11639E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "B5E26C51-9F68-4A2E-9B91-CD90C91E1791", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "C4581C2F-8573-41DD-8730-864D66053BE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "4DC9BA2D-948D-42DE-A0AF-35BE5BE5F941", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F84987A7-103B-4473-9D4F-9F28880F6D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "5C89298A-DA7A-4DDD-A420-5B5BC0ABAF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "60F0CE6D-3DFA-4432-9615-78718C1D5583", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "F478B6AB-8B47-46A2-BEA7-9FF24F4A7026", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"A7CA2655-8B75-4DFF-9B30-1B9839B87D9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A65F27F5-D134-4B94-BF93-CE32065B75B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9D976231-5D79-4C48-BFFA-39E3E7FE35A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "F35ABA0F-6072-433E-AAA5-3B0BB219B404", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1D6E744-5181-4E94-8B9B-3CA83648C7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "886BD643-B430-4E7A-BC33-50A1B01515D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "8C469BBE-00A5-4B19-91E4-5C5DF3210BA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5315BD2E-AE5F-49F9-8451-0D2D64CE56B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "087B001A-78B6-46EB-8623-D8C680243867", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "E39EBCE5-FB2E-475E-9EF4-263416315A34", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5467F5A9-7FFE-4ED6-90A4-490D886B6F01", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "A67F3E23-4345-449E-83C6-219A08412A09", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "20972E11-0401-4DA2-94D5-2A35F5E1AA95", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "E81D1019-C2A1-47CA-B3C9-D208BFDE1391", "vulnerable": true } ], "negate": false, "operator": "OR" 
} ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors." }, { "lang": "es", "value": "Request Tracker (RT) v3.8.x antes de v3.8.15 y v4.0.x antes de v4.0.8 permite a usuarios remotos autenticados con privilegios ModifySelf o AdminUser inyectar cabeceras arbitrarias de correo electr\u00f3nico y realizar ataques de phishing u obtener informaci\u00f3n sensible a trav\u00e9s de vectores desconocidos." } ], "id": "CVE-2012-4730", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-11-11T13:00:59.197", "references": [ { "source": "cve@mitre.org", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-07-15 14:55
Modified
2025-04-12 10:46
Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string without an address.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bestpractical | rt | 4.2.0 | |
bestpractical | rt | 4.2.1 | |
bestpractical | rt | 4.2.2 | |
email::address::list_project | email::address::list | * (versions up to and including 0.01) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8D219D49-924E-4B71-83B0-546AD854A826", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "831BDCD8-F8DF-4308-9451-CBD4137E41FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "64EDF9DF-6F3D-440D-AF17-D6E5CEAC9BEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:email\\:\\:address\\:\\:list_project:email\\:\\:address\\:\\:list:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADE888A3-E320-4446-B0E7-0F80836B3D99", "versionEndIncluding": "0.01", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string without an address." }, { "lang": "es", "value": "Vulnerabilidad en la complejidad algor\u00edtmica en Email::Address::List anterior a 0.02, utilizado en RT 4.2.0 hasta 4.2.2, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de una cadena sin direcci\u00f3n." 
} ], "id": "CVE-2014-1474", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-07-15T14:55:08.747", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2014-June/000257.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://metacpan.org/changes/release/ALEXMV/Email-Address-List-0.02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2014-June/000257.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://metacpan.org/changes/release/ALEXMV/Email-Address-List-0.02" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-06-04 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ticket correspondence history by leveraging access to a privileged account.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F451959A-5305-4210-977B-6B396BC0A4F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA418CF5-49D6-4E0E-A1B5-8CB23752989D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8E238F87-8D8C-4E62-A8F0-3DB9EFDB8328", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3FD8A7EF-5DB8-40C6-9124-A97A23B3EA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2AD553B8-8495-47E5-A543-4DC963B3511A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "28ADB191-4787-4FDB-B70A-F4C8BDF0F4B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "2772389A-9BCD-4B13-88C8-75BC64E40AF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B1F9D05F-C86D-40D8-A7D9-5448918B72DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "311485DA-5381-4EAD-AF58-B8C67373413A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "2EAF6671-8C77-448B-BF29-E2CF51176CC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B55D762D-A723-435C-8D80-F7230F1648D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "4CC63EDC-541E-445D-8B72-799E4184B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:pre1:*:*:*:*:*:*", "matchCriteriaId": "0EF72E77-6239-4DAB-945C-4B13700E78E9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.0.10:pre2:*:*:*:*:*:*", "matchCriteriaId": "8355F0C0-4DA0-41AC-8051-2C04D9999685", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "3A5B2131-A083-4B8A-8B45-F8A8BEF06BF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "D5E6196E-4A90-4F64-BA99-A8E04A09D5ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "E61CEFCD-49F2-465F-AB2C-97DC18D1543B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:rc3:*:*:*:*:*:*", "matchCriteriaId": "FCA20CA1-D33C-4609-A281-ED5A4D92E2F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:rc4:*:*:*:*:*:*", "matchCriteriaId": "3EF32CB2-6057-4DFF-8E6A-72B1E2E01D6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "91D7CE86-3FCD-472E-BF01-31FFB36701BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A295B774-B2C6-4AE0-882A-B66DF14C0074", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A01B64B7-0FCB-4B5E-85E0-DA56F1435ECF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0343F2B3-AF01-426D-8C01-AFB5C9030E50", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5CE952D4-9007-4FE0-A58D-B0A225458C09", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "ECF07E00-0662-4A28-A5B8-AA1813545E45", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "58E23D2E-3AF8-4D6B-BFE3-16E48BC85809", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"0FE28027-A500-454E-85F8-A2C8D2E34EDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "4FB2CF89-FB9B-4C8A-8590-6FC29CADD8B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "69AA8284-4A34-4748-B8B3-9EE57FC58032", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "5D488FC4-78E4-46D4-A752-89070583077D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "3EFB43D5-E6FF-47F9-8D6A-3B6B36417D85", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "5D853DB7-318F-4EAD-BC10-D7C941AE8841", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "AB92945C-3DE7-43C5-A871-DBCE5E82F945", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "338B3ECA-954D-4909-96FC-B15B0E5A36D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "78414EA2-BDC0-4E6F-976A-F6E1F88E79EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "70B3F0B2-8C70-4046-AAA0-FBD344FE4DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "2D97508D-348E-46A3-8007-4D81084687D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4A6BBFDC-91A3-4A17-B581-12CBBC4FE0F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1126CD28-73D9-4F31-8E37-9D7804897A4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "24511FB5-0BCF-4407-9B96-CD78B54A9B24", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCD0173D-F699-4864-8856-D1792BDA0F84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "71CD2D3B-8E24-4FD3-9546-21DFAADA0440", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "82652BAD-AC45-424C-8D8B-E82C18EFD7C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "7CCA8BFD-E566-47AC-9183-08E0D22ACACB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "9A16EA9C-4414-4FEB-AF20-1502FB02BD8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "19CC2E53-5DE8-4A31-9B8A-79335DFBAFEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "B0F029E8-5507-41D8-9703-379C331ACEC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "404AFC5C-20B4-41E5-ACDE-56626D68AFEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "49F6A2BA-82DA-4AC9-8DD0-7FC14E1F08F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "51E8FC92-0C19-4C64-BA9F-51B43500B2DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F37D1380-965B-40E0-8A20-61FEA072B8D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F873FABC-89D1-49C1-A6BC-ACEB230F4620", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "2B8BE811-5465-4153-B915-9F1BBE6E2133", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": 
"D67F6099-D302-4823-A83F-9AD23F573F38", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "907B5E42-DB06-4834-B522-6B708E674122", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "9EDAA418-2B5A-45C2-B767-D99037EB17F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "A7D7BAD4-AC39-4856-B784-823DD15AF80B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E101B0FE-499F-44D8-8B68-BB7FEE40D2B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "747D8CD1-EE12-48A4-A795-88BC66A8DA33", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "80EE7785-CCA3-4AC6-980D-8C4E3E1C5A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "0CA65453-4879-4DA8-8600-2F8ECFED548F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE201D-F31A-4738-B9AB-7BB11417990E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "C4B10D10-9494-4B9D-9A35-4D768A836ED9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "9B00B086-3318-4B5A-801D-7428DA9DB6C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6ED4EC-F860-47BD-B699-551FB5DBF039", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:pre1:*:*:*:*:*:*", "matchCriteriaId": "75509078-F1EC-49A2-A644-5F8A6C02A24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:pre2:*:*:*:*:*:*", "matchCriteriaId": "7940D1FB-A283-43EF-AC9D-98DB7CCFEC2D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.4.4:pre3:*:*:*:*:*:*", "matchCriteriaId": "805469B4-93CD-4007-9782-BEA976E6083A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "E3398823-1813-4D7B-9EC9-74222A240051", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:pre1:*:*:*:*:*:*", "matchCriteriaId": "7A5A50E4-21C1-4F9B-BB82-3D18D91C9161", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "0748D99F-D40E-4161-B561-DE0EA4A4375A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "BFCA4BA0-633F-42CF-9A38-3036C0F147ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "F98B7895-BDB3-477C-8B34-88BD3E02EAFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "16638B6B-32FC-42A5-A7A2-0C43FE22F801", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "C195A011-5BAC-46B0-B57E-4B193D442601", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "A6F8C186-8240-4F5E-8D1E-D705FB87A309", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5849DB3-69F8-428E-89D4-AAC932E6CF6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "E842B21F-5163-445F-8285-A4AFD42A5D78", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "5ED87C9D-5D46-48A1-B6C7-31F92C340C99", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "B13961D0-754F-4EE9-A7B7-5D892AA9F1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"AAB2E1B1-F394-463C-AB6F-8D3741D57A8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "194D87BE-AFD2-4775-8234-0CC8E41BFEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "19449938-2B92-44AC-89B2-21F142E65928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1512169D-DCEF-4964-B05A-3DF19CDE8F57", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:pre0:*:*:*:*:*:*", "matchCriteriaId": "EFD15E92-3DB1-41F0-8AF4-94120394B97D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "7E20EB81-E828-41AE-AC95-FEE91D0CA757", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "04B642C3-1295-4E8D-B104-4291361FA540", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E5CDF725-3D97-43A4-9775-D4D4203C6B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9A64C7A4-A76D-4855-B96B-CCC3479B0E61", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B427F5D4-ACD6-46E5-B94F-CA30330C6492", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:pre2:*:*:*:*:*:*", "matchCriteriaId": "3A0CBD58-D037-4524-AE62-6961B096BB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "99F684A7-A7DD-45C4-8FF6-66FDCFDBCBBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "0C15AE0F-E78D-4211-B5D1-83185A65FD18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9B38C33-D680-4285-A849-E6CDA9F4802F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.6.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "851C27A0-32C4-4F01-ACE8-9C71686704EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "48532322-0172-4DDA-986F-2D5B0AB9833A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc4:*:*:*:*:*:*", "matchCriteriaId": "29273C2E-8622-43F1-9222-5E037492DC46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc5:*:*:*:*:*:*", "matchCriteriaId": "D0A3E995-8046-4B14-A22E-7ADDCBC3A43E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "646CFD82-15FE-48E4-83C9-E3E037E9F928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "F51F5333-4645-41E6-850E-D3EFC5B16A46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "B9886244-AFAA-40B5-958C-8D9AF28F3001", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "7E404ED1-94E0-4A2F-A9F7-F941FDB0782A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc4:*:*:*:*:*:*", "matchCriteriaId": "A88BCABC-A39D-41BA-9DB8-DBB67483450A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "57404A14-6E1C-4F3B-8120-75F1073A3E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "1EA8E78A-65E5-4A35-8CE5-589453DF4AC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:rc2:*:*:*:*:*:*", "matchCriteriaId": "3D8F5FD8-232E-4025-A6EF-BFE453D3AF7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F40ED56-CDAC-40BB-A026-5D6A09DCB72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"DE047F80-1FC1-460E-9C48-8515D8E34558", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "82F5BB46-9B6E-44D0-9049-02EEF8411FA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "33C325D9-CB88-430F-B1AE-3544C7176398", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "46371C56-6120-414C-8F95-F5297753F6B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "F45F2752-8B5B-489D-8BAC-654B79D55416", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc3:*:*:*:*:*:*", "matchCriteriaId": "C1DC976B-1AB0-4DC4-AF6C-697CE06B9E64", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1E86D15-8435-46B9-88FF-8A51771C55E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "543C8E63-9A49-4D6A-899A-7D244D0CCC17", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "00AFB893-E37A-4E81-A984-66D677161D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "312703C9-7145-4599-8B2C-6EF7BC060A07", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E751061C-DFC1-4EB5-8FBB-20183C61E45F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "E439C79E-EDAB-42AE-850A-E81A6F321058", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.80:*:*:*:*:*:*:*", "matchCriteriaId": "137A7FA6-6007-4485-944B-89BB8BAC9BD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.85:*:*:*:*:*:*:*", "matchCriteriaId": "8AFEA933-CCDC-4F56-B80B-75480893049A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.7.86:*:*:*:*:*:*:*", "matchCriteriaId": "54C5A322-524D-475F-9343-B63C2581348D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EA620414-F78C-49C2-AC29-7CCCCC15B4D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A12FC95C-F9A7-4E47-AC07-F680D4436156", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D6101EAE-CB0E-4AB2-BCDC-9B4354422940", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "46059518-DCCB-410A-B7FD-FAF5F9DF9498", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CB1FAAF6-4403-4A45-B0D8-F9E4752C0CBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "A6E90C9D-CCEF-47CE-BED1-16BF37927998", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "13410E37-9A6A-4A33-BB97-6B4D96AA11FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "02949074-A703-4F6E-BBA7-B79021A1377E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C440174-183B-423B-8E85-37E78EB43A91", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"4CED5D54-C62B-4543-9C36-D76489EA3CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0B9A9DF7-8700-4CD4-9DAA-5368066F17A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "AC116B6E-F6A7-4885-B592-635EE06B6E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "9635AFA4-24E6-4893-8B4B-57FE811A758D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "546F1582-B85F-4D4F-840C-6257F1DE05E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "D8DB6F17-FF2F-4DCA-A8D1-C3E0D42ACCAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "32BE1C0B-D379-4A51-8188-B660730539AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "E2E768F1-80EA-4016-837E-9B92A3954F8B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C35364B8-6BB7-439D-9450-08FB11639E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F84987A7-103B-4473-9D4F-9F28880F6D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "5C89298A-DA7A-4DDD-A420-5B5BC0ABAF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "60F0CE6D-3DFA-4432-9615-78718C1D5583", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A65F27F5-D134-4B94-BF93-CE32065B75B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1D6E744-5181-4E94-8B9B-3CA83648C7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5315BD2E-AE5F-49F9-8451-0D2D64CE56B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "087B001A-78B6-46EB-8623-D8C680243867", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ticket correspondence history by leveraging access to a privileged account." }, { "lang": "es", "value": "Best Practical Solutions RT 3.x anteriores a 3.8.12 y 4.x anteriores a 4.0.6 permiten a usuarios autenticados remotos leer (1) hashes de contrase\u00f1as previas e (2) historial de correspondencia de tickets utilizando el acceso a una cuenta privilegiada." 
} ], "id": "CVE-2011-2084", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-06-04T19:55:01.633", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/49259" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/53660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53660" } ], "sourceIdentifier": 
"cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-06-04 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
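Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code and gain privileges via unspecified vectors, a different vulnerability than CVE-2011-4458 and CVE-2011-5093. Note that the CPE match list under "Impacted products" for this entry enumerates releases from 3.0.0 onward as vulnerable, a wider range than the 3.8.x stated in this summary; when matching installed versions, treat the two ranges as not fully consistent and confirm against the vendor's advisory.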
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F451959A-5305-4210-977B-6B396BC0A4F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA418CF5-49D6-4E0E-A1B5-8CB23752989D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8E238F87-8D8C-4E62-A8F0-3DB9EFDB8328", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3FD8A7EF-5DB8-40C6-9124-A97A23B3EA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2AD553B8-8495-47E5-A543-4DC963B3511A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "28ADB191-4787-4FDB-B70A-F4C8BDF0F4B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "2772389A-9BCD-4B13-88C8-75BC64E40AF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B1F9D05F-C86D-40D8-A7D9-5448918B72DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "311485DA-5381-4EAD-AF58-B8C67373413A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "2EAF6671-8C77-448B-BF29-E2CF51176CC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B55D762D-A723-435C-8D80-F7230F1648D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "4CC63EDC-541E-445D-8B72-799E4184B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:pre1:*:*:*:*:*:*", "matchCriteriaId": "0EF72E77-6239-4DAB-945C-4B13700E78E9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.0.10:pre2:*:*:*:*:*:*", "matchCriteriaId": "8355F0C0-4DA0-41AC-8051-2C04D9999685", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "3A5B2131-A083-4B8A-8B45-F8A8BEF06BF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "D5E6196E-4A90-4F64-BA99-A8E04A09D5ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "E61CEFCD-49F2-465F-AB2C-97DC18D1543B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:rc3:*:*:*:*:*:*", "matchCriteriaId": "FCA20CA1-D33C-4609-A281-ED5A4D92E2F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:rc4:*:*:*:*:*:*", "matchCriteriaId": "3EF32CB2-6057-4DFF-8E6A-72B1E2E01D6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "91D7CE86-3FCD-472E-BF01-31FFB36701BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A295B774-B2C6-4AE0-882A-B66DF14C0074", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A01B64B7-0FCB-4B5E-85E0-DA56F1435ECF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0343F2B3-AF01-426D-8C01-AFB5C9030E50", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5CE952D4-9007-4FE0-A58D-B0A225458C09", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "ECF07E00-0662-4A28-A5B8-AA1813545E45", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "58E23D2E-3AF8-4D6B-BFE3-16E48BC85809", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"0FE28027-A500-454E-85F8-A2C8D2E34EDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "4FB2CF89-FB9B-4C8A-8590-6FC29CADD8B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "69AA8284-4A34-4748-B8B3-9EE57FC58032", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "5D488FC4-78E4-46D4-A752-89070583077D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "3EFB43D5-E6FF-47F9-8D6A-3B6B36417D85", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "5D853DB7-318F-4EAD-BC10-D7C941AE8841", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "AB92945C-3DE7-43C5-A871-DBCE5E82F945", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "338B3ECA-954D-4909-96FC-B15B0E5A36D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "78414EA2-BDC0-4E6F-976A-F6E1F88E79EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "70B3F0B2-8C70-4046-AAA0-FBD344FE4DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "2D97508D-348E-46A3-8007-4D81084687D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4A6BBFDC-91A3-4A17-B581-12CBBC4FE0F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1126CD28-73D9-4F31-8E37-9D7804897A4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "24511FB5-0BCF-4407-9B96-CD78B54A9B24", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCD0173D-F699-4864-8856-D1792BDA0F84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "71CD2D3B-8E24-4FD3-9546-21DFAADA0440", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "82652BAD-AC45-424C-8D8B-E82C18EFD7C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "7CCA8BFD-E566-47AC-9183-08E0D22ACACB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "9A16EA9C-4414-4FEB-AF20-1502FB02BD8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "19CC2E53-5DE8-4A31-9B8A-79335DFBAFEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "B0F029E8-5507-41D8-9703-379C331ACEC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "404AFC5C-20B4-41E5-ACDE-56626D68AFEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "49F6A2BA-82DA-4AC9-8DD0-7FC14E1F08F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "51E8FC92-0C19-4C64-BA9F-51B43500B2DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F37D1380-965B-40E0-8A20-61FEA072B8D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F873FABC-89D1-49C1-A6BC-ACEB230F4620", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "2B8BE811-5465-4153-B915-9F1BBE6E2133", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": 
"D67F6099-D302-4823-A83F-9AD23F573F38", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "907B5E42-DB06-4834-B522-6B708E674122", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "9EDAA418-2B5A-45C2-B767-D99037EB17F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "A7D7BAD4-AC39-4856-B784-823DD15AF80B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E101B0FE-499F-44D8-8B68-BB7FEE40D2B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "747D8CD1-EE12-48A4-A795-88BC66A8DA33", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "80EE7785-CCA3-4AC6-980D-8C4E3E1C5A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "0CA65453-4879-4DA8-8600-2F8ECFED548F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE201D-F31A-4738-B9AB-7BB11417990E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "C4B10D10-9494-4B9D-9A35-4D768A836ED9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "9B00B086-3318-4B5A-801D-7428DA9DB6C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6ED4EC-F860-47BD-B699-551FB5DBF039", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:pre1:*:*:*:*:*:*", "matchCriteriaId": "75509078-F1EC-49A2-A644-5F8A6C02A24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:pre2:*:*:*:*:*:*", "matchCriteriaId": "7940D1FB-A283-43EF-AC9D-98DB7CCFEC2D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.4.4:pre3:*:*:*:*:*:*", "matchCriteriaId": "805469B4-93CD-4007-9782-BEA976E6083A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "E3398823-1813-4D7B-9EC9-74222A240051", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:pre1:*:*:*:*:*:*", "matchCriteriaId": "7A5A50E4-21C1-4F9B-BB82-3D18D91C9161", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "0748D99F-D40E-4161-B561-DE0EA4A4375A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "BFCA4BA0-633F-42CF-9A38-3036C0F147ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "F98B7895-BDB3-477C-8B34-88BD3E02EAFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "16638B6B-32FC-42A5-A7A2-0C43FE22F801", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "C195A011-5BAC-46B0-B57E-4B193D442601", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "A6F8C186-8240-4F5E-8D1E-D705FB87A309", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5849DB3-69F8-428E-89D4-AAC932E6CF6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "E842B21F-5163-445F-8285-A4AFD42A5D78", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "5ED87C9D-5D46-48A1-B6C7-31F92C340C99", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "B13961D0-754F-4EE9-A7B7-5D892AA9F1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"AAB2E1B1-F394-463C-AB6F-8D3741D57A8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "194D87BE-AFD2-4775-8234-0CC8E41BFEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "19449938-2B92-44AC-89B2-21F142E65928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1512169D-DCEF-4964-B05A-3DF19CDE8F57", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:pre0:*:*:*:*:*:*", "matchCriteriaId": "EFD15E92-3DB1-41F0-8AF4-94120394B97D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "7E20EB81-E828-41AE-AC95-FEE91D0CA757", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "04B642C3-1295-4E8D-B104-4291361FA540", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E5CDF725-3D97-43A4-9775-D4D4203C6B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9A64C7A4-A76D-4855-B96B-CCC3479B0E61", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B427F5D4-ACD6-46E5-B94F-CA30330C6492", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:pre2:*:*:*:*:*:*", "matchCriteriaId": "3A0CBD58-D037-4524-AE62-6961B096BB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "99F684A7-A7DD-45C4-8FF6-66FDCFDBCBBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "0C15AE0F-E78D-4211-B5D1-83185A65FD18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9B38C33-D680-4285-A849-E6CDA9F4802F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.6.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "851C27A0-32C4-4F01-ACE8-9C71686704EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "48532322-0172-4DDA-986F-2D5B0AB9833A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc4:*:*:*:*:*:*", "matchCriteriaId": "29273C2E-8622-43F1-9222-5E037492DC46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc5:*:*:*:*:*:*", "matchCriteriaId": "D0A3E995-8046-4B14-A22E-7ADDCBC3A43E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "646CFD82-15FE-48E4-83C9-E3E037E9F928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "F51F5333-4645-41E6-850E-D3EFC5B16A46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "B9886244-AFAA-40B5-958C-8D9AF28F3001", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "7E404ED1-94E0-4A2F-A9F7-F941FDB0782A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc4:*:*:*:*:*:*", "matchCriteriaId": "A88BCABC-A39D-41BA-9DB8-DBB67483450A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "57404A14-6E1C-4F3B-8120-75F1073A3E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "1EA8E78A-65E5-4A35-8CE5-589453DF4AC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:rc2:*:*:*:*:*:*", "matchCriteriaId": "3D8F5FD8-232E-4025-A6EF-BFE453D3AF7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F40ED56-CDAC-40BB-A026-5D6A09DCB72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"DE047F80-1FC1-460E-9C48-8515D8E34558", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "82F5BB46-9B6E-44D0-9049-02EEF8411FA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "33C325D9-CB88-430F-B1AE-3544C7176398", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "46371C56-6120-414C-8F95-F5297753F6B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "F45F2752-8B5B-489D-8BAC-654B79D55416", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc3:*:*:*:*:*:*", "matchCriteriaId": "C1DC976B-1AB0-4DC4-AF6C-697CE06B9E64", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1E86D15-8435-46B9-88FF-8A51771C55E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "543C8E63-9A49-4D6A-899A-7D244D0CCC17", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "00AFB893-E37A-4E81-A984-66D677161D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "312703C9-7145-4599-8B2C-6EF7BC060A07", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E751061C-DFC1-4EB5-8FBB-20183C61E45F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "E439C79E-EDAB-42AE-850A-E81A6F321058", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.80:*:*:*:*:*:*:*", "matchCriteriaId": "137A7FA6-6007-4485-944B-89BB8BAC9BD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.85:*:*:*:*:*:*:*", "matchCriteriaId": "8AFEA933-CCDC-4F56-B80B-75480893049A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.7.86:*:*:*:*:*:*:*", "matchCriteriaId": "54C5A322-524D-475F-9343-B63C2581348D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EA620414-F78C-49C2-AC29-7CCCCC15B4D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A12FC95C-F9A7-4E47-AC07-F680D4436156", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D6101EAE-CB0E-4AB2-BCDC-9B4354422940", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "46059518-DCCB-410A-B7FD-FAF5F9DF9498", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CB1FAAF6-4403-4A45-B0D8-F9E4752C0CBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "A6E90C9D-CCEF-47CE-BED1-16BF37927998", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "13410E37-9A6A-4A33-BB97-6B4D96AA11FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "02949074-A703-4F6E-BBA7-B79021A1377E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C440174-183B-423B-8E85-37E78EB43A91", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"4CED5D54-C62B-4543-9C36-D76489EA3CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0B9A9DF7-8700-4CD4-9DAA-5368066F17A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "AC116B6E-F6A7-4885-B592-635EE06B6E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "9635AFA4-24E6-4893-8B4B-57FE811A758D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "546F1582-B85F-4D4F-840C-6257F1DE05E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "D8DB6F17-FF2F-4DCA-A8D1-C3E0D42ACCAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "32BE1C0B-D379-4A51-8188-B660730539AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "E2E768F1-80EA-4016-837E-9B92A3954F8B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C35364B8-6BB7-439D-9450-08FB11639E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F84987A7-103B-4473-9D4F-9F28880F6D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "5C89298A-DA7A-4DDD-A420-5B5BC0ABAF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "60F0CE6D-3DFA-4432-9615-78718C1D5583", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A65F27F5-D134-4B94-BF93-CE32065B75B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1D6E744-5181-4E94-8B9B-3CA83648C7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5315BD2E-AE5F-49F9-8451-0D2D64CE56B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "087B001A-78B6-46EB-8623-D8C680243867", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code and gain privileges via unspecified vectors, a different vulnerability than CVE-2011-4458 and CVE-2011-5093." }, { "lang": "es", "value": "Best Practical Solutions RT 3.8.x anteriores a 3.8.12 y 4.x anteriores a 4.0.6 permite a atacantes remotos ejecutar c\u00f3digo arbitrario y escalar privilegios a trav\u00e9s de vectores de ataque sin especificar. Una vulnerabilidad distinta a la CVE-2011-4458 y CVE-2011-5093." 
} ], "id": "CVE-2011-5092", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-06-04T19:55:01.900", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-11-11 13:00
Modified
2025-04-11 00:51
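Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:P/A:N, as given in this record's cvssMetricV2 block below)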
Summary
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to a crafted link.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:preflight1:*:*:*:*:*:*", "matchCriteriaId": "34A06E8A-1591-4ED9-AE0D-4A95E3327FB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EA620414-F78C-49C2-AC29-7CCCCC15B4D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A12FC95C-F9A7-4E47-AC07-F680D4436156", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D6101EAE-CB0E-4AB2-BCDC-9B4354422940", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:preflight0:*:*:*:*:*:*", "matchCriteriaId": "54941FC4-7DD6-4F6D-AA14-296045D55C44", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "46059518-DCCB-410A-B7FD-FAF5F9DF9498", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CB1FAAF6-4403-4A45-B0D8-F9E4752C0CBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "A6E90C9D-CCEF-47CE-BED1-16BF37927998", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "13410E37-9A6A-4A33-BB97-6B4D96AA11FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "02949074-A703-4F6E-BBA7-B79021A1377E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C440174-183B-423B-8E85-37E78EB43A91", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "4CED5D54-C62B-4543-9C36-D76489EA3CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0B9A9DF7-8700-4CD4-9DAA-5368066F17A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "AC116B6E-F6A7-4885-B592-635EE06B6E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "9635AFA4-24E6-4893-8B4B-57FE811A758D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "546F1582-B85F-4D4F-840C-6257F1DE05E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "D8DB6F17-FF2F-4DCA-A8D1-C3E0D42ACCAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "32BE1C0B-D379-4A51-8188-B660730539AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "DDD10111-15EC-4749-BC02-97979FFFA370", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "E2E768F1-80EA-4016-837E-9B92A3954F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "82B26A8A-701E-4144-BE4A-E7C886C2E7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "2C19BF7A-B957-422B-8B93-DB1B986979AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C35364B8-6BB7-439D-9450-08FB11639E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "B5E26C51-9F68-4A2E-9B91-CD90C91E1791", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "C4581C2F-8573-41DD-8730-864D66053BE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "4DC9BA2D-948D-42DE-A0AF-35BE5BE5F941", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F84987A7-103B-4473-9D4F-9F28880F6D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "5C89298A-DA7A-4DDD-A420-5B5BC0ABAF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "60F0CE6D-3DFA-4432-9615-78718C1D5583", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "F478B6AB-8B47-46A2-BEA7-9FF24F4A7026", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"A7CA2655-8B75-4DFF-9B30-1B9839B87D9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A65F27F5-D134-4B94-BF93-CE32065B75B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9D976231-5D79-4C48-BFFA-39E3E7FE35A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "F35ABA0F-6072-433E-AAA5-3B0BB219B404", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1D6E744-5181-4E94-8B9B-3CA83648C7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "886BD643-B430-4E7A-BC33-50A1B01515D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "8C469BBE-00A5-4B19-91E4-5C5DF3210BA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5315BD2E-AE5F-49F9-8451-0D2D64CE56B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "087B001A-78B6-46EB-8623-D8C680243867", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "E39EBCE5-FB2E-475E-9EF4-263416315A34", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5467F5A9-7FFE-4ED6-90A4-490D886B6F01", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "A67F3E23-4345-449E-83C6-219A08412A09", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "20972E11-0401-4DA2-94D5-2A35F5E1AA95", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "E81D1019-C2A1-47CA-B3C9-D208BFDE1391", "vulnerable": true } ], "negate": false, "operator": "OR" 
} ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a \"confused deputy\" attack to bypass the CSRF warning protection mechanism and cause victims to \"modify arbitrary state\" via unknown vectors related to a crafted link." }, { "lang": "es", "value": "Request Tracker (RT) 3.8.x antes de 3.8.15 y 4.0.x antes de 4.0.8 permite a atacantes remotos para llevar a cabo un ataque de \"delegado confuso\" al pasar por alto el mecanismo de protecci\u00f3n CSRF y causar v\u00edctimas a \"modificar el estado arbitrario\" a trav\u00e9s de vectores desconocidos relacionado con un enlace manipulado." } ], "id": "CVE-2012-4734", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-11-11T13:00:59.510", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/86709" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/86709" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": 
"en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-08-23 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F84987A7-103B-4473-9D4F-9F28880F6D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "5C89298A-DA7A-4DDD-A420-5B5BC0ABAF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "60F0CE6D-3DFA-4432-9615-78718C1D5583", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "F478B6AB-8B47-46A2-BEA7-9FF24F4A7026", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "A7CA2655-8B75-4DFF-9B30-1B9839B87D9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A65F27F5-D134-4B94-BF93-CE32065B75B2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:4.0.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9D976231-5D79-4C48-BFFA-39E3E7FE35A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "F35ABA0F-6072-433E-AAA5-3B0BB219B404", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1D6E744-5181-4E94-8B9B-3CA83648C7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "886BD643-B430-4E7A-BC33-50A1B01515D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "8C469BBE-00A5-4B19-91E4-5C5DF3210BA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5315BD2E-AE5F-49F9-8451-0D2D64CE56B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "087B001A-78B6-46EB-8623-D8C680243867", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "E39EBCE5-FB2E-475E-9EF4-263416315A34", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5467F5A9-7FFE-4ED6-90A4-490D886B6F01", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "252B0169-58A5-4AF4-BB71-08D0A874B616", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "A67F3E23-4345-449E-83C6-219A08412A09", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "BAFB3374-D0EA-4962-B2B6-4B7A336F874F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "20972E11-0401-4DA2-94D5-2A35F5E1AA95", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"E81D1019-C2A1-47CA-B3C9-D208BFDE1391", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "45AD36C4-069B-4A2F-ACAE-E2EF7BC1CA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "15112BC0-8C03-4417-A0EB-123C326E6F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "685B747F-6C34-4D76-B1A3-652EF2480D5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "A8E6D6E2-13A1-4AF9-B1A2-414588CCBD35", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:preflight1:*:*:*:*:*:*", "matchCriteriaId": "34A06E8A-1591-4ED9-AE0D-4A95E3327FB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EA620414-F78C-49C2-AC29-7CCCCC15B4D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A12FC95C-F9A7-4E47-AC07-F680D4436156", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D6101EAE-CB0E-4AB2-BCDC-9B4354422940", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:preflight0:*:*:*:*:*:*", "matchCriteriaId": "54941FC4-7DD6-4F6D-AA14-296045D55C44", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "46059518-DCCB-410A-B7FD-FAF5F9DF9498", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"CB1FAAF6-4403-4A45-B0D8-F9E4752C0CBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "A6E90C9D-CCEF-47CE-BED1-16BF37927998", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "13410E37-9A6A-4A33-BB97-6B4D96AA11FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "02949074-A703-4F6E-BBA7-B79021A1377E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C440174-183B-423B-8E85-37E78EB43A91", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "4CED5D54-C62B-4543-9C36-D76489EA3CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0B9A9DF7-8700-4CD4-9DAA-5368066F17A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "AC116B6E-F6A7-4885-B592-635EE06B6E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "9635AFA4-24E6-4893-8B4B-57FE811A758D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "546F1582-B85F-4D4F-840C-6257F1DE05E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "D8DB6F17-FF2F-4DCA-A8D1-C3E0D42ACCAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "32BE1C0B-D379-4A51-8188-B660730539AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "DDD10111-15EC-4749-BC02-97979FFFA370", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": 
"E2E768F1-80EA-4016-837E-9B92A3954F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "82B26A8A-701E-4144-BE4A-E7C886C2E7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "2C19BF7A-B957-422B-8B93-DB1B986979AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C35364B8-6BB7-439D-9450-08FB11639E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "0A205895-B227-49C0-879A-72FB0BDA8A6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "B5E26C51-9F68-4A2E-9B91-CD90C91E1791", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "C4581C2F-8573-41DD-8730-864D66053BE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "5822BA44-EF00-43AD-80AF-5AF8719E0C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "4DC9BA2D-948D-42DE-A0AF-35BE5BE5F941", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.15:*:*:*:*:*:*:*", "matchCriteriaId": "AE10624B-CEC3-4851-8C40-04DEDB17A4A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.16:*:*:*:*:*:*:*", "matchCriteriaId": "4FE28E11-DE45-44AF-929A-A0F48D14FBE8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors." 
}, { "lang": "es", "value": "Request Tracker (RT) v3.8.x anterior a v3.8.17 y v4.0.x anterior a v4.0.13 permite a atacantes remotos inyectar varias cabeceras HTTP Content-Disposition y, posiblemente, realizar ataques de cross-site scripting (XSS) a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2013-3372", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-08-23T16:55:07.293", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53505" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53522" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2012/dsa-2670" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/93607" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53522" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/93607" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-08-23 16:55
Modified
2025-04-11 00:51
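Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:P/I:N/A:N, per the NVD metrics in the record below)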
Summary
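Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, related to a "limited session re-use." The stated version ranges imply the fix is in 3.8.17 and 4.0.13; the record's references tag the vendor rt-announce postings as the patch source.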
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F84987A7-103B-4473-9D4F-9F28880F6D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "5C89298A-DA7A-4DDD-A420-5B5BC0ABAF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "60F0CE6D-3DFA-4432-9615-78718C1D5583", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "F478B6AB-8B47-46A2-BEA7-9FF24F4A7026", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "A7CA2655-8B75-4DFF-9B30-1B9839B87D9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A65F27F5-D134-4B94-BF93-CE32065B75B2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:4.0.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9D976231-5D79-4C48-BFFA-39E3E7FE35A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "F35ABA0F-6072-433E-AAA5-3B0BB219B404", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1D6E744-5181-4E94-8B9B-3CA83648C7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "886BD643-B430-4E7A-BC33-50A1B01515D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "8C469BBE-00A5-4B19-91E4-5C5DF3210BA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5315BD2E-AE5F-49F9-8451-0D2D64CE56B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "087B001A-78B6-46EB-8623-D8C680243867", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "E39EBCE5-FB2E-475E-9EF4-263416315A34", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5467F5A9-7FFE-4ED6-90A4-490D886B6F01", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "252B0169-58A5-4AF4-BB71-08D0A874B616", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "A67F3E23-4345-449E-83C6-219A08412A09", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "BAFB3374-D0EA-4962-B2B6-4B7A336F874F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "20972E11-0401-4DA2-94D5-2A35F5E1AA95", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"E81D1019-C2A1-47CA-B3C9-D208BFDE1391", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "45AD36C4-069B-4A2F-ACAE-E2EF7BC1CA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "15112BC0-8C03-4417-A0EB-123C326E6F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "685B747F-6C34-4D76-B1A3-652EF2480D5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "A8E6D6E2-13A1-4AF9-B1A2-414588CCBD35", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:preflight1:*:*:*:*:*:*", "matchCriteriaId": "34A06E8A-1591-4ED9-AE0D-4A95E3327FB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EA620414-F78C-49C2-AC29-7CCCCC15B4D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A12FC95C-F9A7-4E47-AC07-F680D4436156", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D6101EAE-CB0E-4AB2-BCDC-9B4354422940", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:preflight0:*:*:*:*:*:*", "matchCriteriaId": "54941FC4-7DD6-4F6D-AA14-296045D55C44", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "46059518-DCCB-410A-B7FD-FAF5F9DF9498", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"CB1FAAF6-4403-4A45-B0D8-F9E4752C0CBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "A6E90C9D-CCEF-47CE-BED1-16BF37927998", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "13410E37-9A6A-4A33-BB97-6B4D96AA11FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "02949074-A703-4F6E-BBA7-B79021A1377E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C440174-183B-423B-8E85-37E78EB43A91", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "4CED5D54-C62B-4543-9C36-D76489EA3CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0B9A9DF7-8700-4CD4-9DAA-5368066F17A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "AC116B6E-F6A7-4885-B592-635EE06B6E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "9635AFA4-24E6-4893-8B4B-57FE811A758D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "546F1582-B85F-4D4F-840C-6257F1DE05E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "D8DB6F17-FF2F-4DCA-A8D1-C3E0D42ACCAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "32BE1C0B-D379-4A51-8188-B660730539AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "DDD10111-15EC-4749-BC02-97979FFFA370", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": 
"E2E768F1-80EA-4016-837E-9B92A3954F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "82B26A8A-701E-4144-BE4A-E7C886C2E7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "2C19BF7A-B957-422B-8B93-DB1B986979AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C35364B8-6BB7-439D-9450-08FB11639E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "0A205895-B227-49C0-879A-72FB0BDA8A6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "B5E26C51-9F68-4A2E-9B91-CD90C91E1791", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "C4581C2F-8573-41DD-8730-864D66053BE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "5822BA44-EF00-43AD-80AF-5AF8719E0C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "4DC9BA2D-948D-42DE-A0AF-35BE5BE5F941", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.15:*:*:*:*:*:*:*", "matchCriteriaId": "AE10624B-CEC3-4851-8C40-04DEDB17A4A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.16:*:*:*:*:*:*:*", "matchCriteriaId": "4FE28E11-DE45-44AF-929A-A0F48D14FBE8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, related to a \"limited session re-use.\"" }, { "lang": "es", "value": "Vulnerabilidad no especificada en 
Request Tracker (RT) v3.8.x anterior a v3.8.17 y v4.0.x anterior a v4.0.13, cuando se utiliza el almacenamiento de sesiones Apache::Session::File, permite a atacantes remotos obtener informaci\u00f3n sensible (las preferencias del usuario y las memorias cach\u00e9) a trav\u00e9s de vectores desconocidos relacionados con una \"reutilizaci\u00f3n de sesi\u00f3n limitada.\"" } ], "id": "CVE-2013-3374", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-08-23T16:55:07.357", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "source": "cve@mitre.org", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53505" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53522" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2012/dsa-2670" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/93605" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53522" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/93605" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-02-28 16:00
Modified
2025-04-11 00:51
Severity ?
Summary
Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information, related to SQL logging.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:*:rc3:*:*:*:*:*:*", "matchCriteriaId": "A1369FE3-D1CC-4A6B-9D5B-796B1BAFE1AF", "versionEndIncluding": "3.8.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "798C7256-C8A7-46EA-BE0C-685620CF78AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC812A18-628E-4EFA-95C7-010694423894", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "05EFCBF0-4447-4457-92B9-587A28C2D8E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0E9A6E50-5666-48BF-8FD7-2668D8AD7344", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "915FBC54-78F1-43AC-8394-AA25BC9F88F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6F083E35-4189-45E9-A1A1-9062C88ED144", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "D6C9869E-5949-4C1E-AED7-3A8FB3C133F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FC2090D7-2796-44E9-8330-CE874E9514E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B558A64D-2E06-416C-85F5-AAFFD18096D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3A24FF7-A1B0-4998-A0F8-6E5D70901299", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F01659AA-9146-4238-9FEE-70D345D31094", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0EA74674-D04E-4458-ADF0-C733E9592B05", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8F4ACD97-35AD-4E23-83FC-E39016936EFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF589DDB-4348-4A55-9468-DBB5F03C82F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C59D941-22C2-41A7-B9BA-4CBDA3E71F5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DB507C08-D3CC-4AC8-9BAC-EED9FD09E1D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A50288EA-2628-47D7-9F25-EE514B9083F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "91868A78-C6C7-4C03-95B3-755816F8C663", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4B4383B-20C5-4620-8107-255AD3D45D2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "09A128B7-AA70-49DD-A20E-B9BB7D23A4EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "88EFA7E0-C472-4E93-8E38-98DFCCD37EEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "6E6381E7-1C01-4239-A02F-C6DB5D775F7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "4120F4E4-E4EB-434C-9764-370102198554", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E1CA0866-CC49-4956-9493-849069B4485B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "565B7E66-BD96-419A-8EC2-FE971BDC47A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": 
"FAC1443B-50C8-4E98-9900-CACFEA5AD00D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F451959A-5305-4210-977B-6B396BC0A4F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA418CF5-49D6-4E0E-A1B5-8CB23752989D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8E238F87-8D8C-4E62-A8F0-3DB9EFDB8328", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3FD8A7EF-5DB8-40C6-9124-A97A23B3EA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2AD553B8-8495-47E5-A543-4DC963B3511A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "28ADB191-4787-4FDB-B70A-F4C8BDF0F4B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "2772389A-9BCD-4B13-88C8-75BC64E40AF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B1F9D05F-C86D-40D8-A7D9-5448918B72DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "311485DA-5381-4EAD-AF58-B8C67373413A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "2EAF6671-8C77-448B-BF29-E2CF51176CC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B55D762D-A723-435C-8D80-F7230F1648D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "4CC63EDC-541E-445D-8B72-799E4184B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "D5E6196E-4A90-4F64-BA99-A8E04A09D5ED", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "91D7CE86-3FCD-472E-BF01-31FFB36701BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "70B3F0B2-8C70-4046-AAA0-FBD344FE4DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCD0173D-F699-4864-8856-D1792BDA0F84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "19CC2E53-5DE8-4A31-9B8A-79335DFBAFEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "404AFC5C-20B4-41E5-ACDE-56626D68AFEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F37D1380-965B-40E0-8A20-61FEA072B8D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E101B0FE-499F-44D8-8B68-BB7FEE40D2B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "747D8CD1-EE12-48A4-A795-88BC66A8DA33", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE201D-F31A-4738-B9AB-7BB11417990E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6ED4EC-F860-47BD-B699-551FB5DBF039", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "E3398823-1813-4D7B-9EC9-74222A240051", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "F98B7895-BDB3-477C-8B34-88BD3E02EAFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1512169D-DCEF-4964-B05A-3DF19CDE8F57", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B427F5D4-ACD6-46E5-B94F-CA30330C6492", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9B38C33-D680-4285-A849-E6CDA9F4802F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "646CFD82-15FE-48E4-83C9-E3E037E9F928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "57404A14-6E1C-4F3B-8120-75F1073A3E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F40ED56-CDAC-40BB-A026-5D6A09DCB72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "33C325D9-CB88-430F-B1AE-3544C7176398", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1E86D15-8435-46B9-88FF-8A51771C55E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "543C8E63-9A49-4D6A-899A-7D244D0CCC17", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "00AFB893-E37A-4E81-A984-66D677161D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information, related to SQL logging." 
}, { "lang": "es", "value": "Scrips_Overlay.pm en Best Practical Solutions RT anterior a v3.8.9 no restringe el acceso adecuadamente a TicketObj en un Scrip despu\u00e9s de un cambio en CurrentUser, lo que permite a usuarios autenticados obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados, como se demostr\u00f3 por el valor de informaci\u00f3n custom-field, relacionado con el registro SQL." } ], "id": "CVE-2011-1008", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-02-28T16:00:01.680", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614576" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/02/22/12" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/02/22/16" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/02/22/6" }, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/02/23/22" }, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/02/24/7" }, { "source": "secalert@redhat.com", "url": 
"http://openwall.com/lists/oss-security/2011/02/24/8" }, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/02/24/9" }, { "source": "secalert@redhat.com", "url": "http://osvdb.org/71011" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43438" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0475" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65772" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://github.com/bestpractical/rt/commit/2338cd19ed7a7f4c1e94f639ab2789d6586d01f3" }, { "source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614576" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/02/22/12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/02/22/16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/02/22/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/02/23/22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/02/24/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/02/24/8" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/02/24/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/71011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43438" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0475" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65772" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/bestpractical/rt/commit/2338cd19ed7a7f4c1e94f639ab2789d6586d01f3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-12-02 16:30
Modified
2025-04-09 00:30
Severity 5.8 MEDIUM (CVSS v2.0, AV:N/AC:M/Au:N/C:P/I:P/A:N)
Summary
Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages "HTTP access to the RT server," a related issue to CVE-2009-3585.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bestpractical | rt | 3.0.1 | |
bestpractical | rt | 3.0.2 | |
bestpractical | rt | 3.0.3 | |
bestpractical | rt | 3.0.4 | |
bestpractical | rt | 3.0.5 | |
bestpractical | rt | 3.0.6 | |
bestpractical | rt | 3.0.7 | |
bestpractical | rt | 3.0.7.1 | |
bestpractical | rt | 3.0.8 | |
bestpractical | rt | 3.0.9 | |
bestpractical | rt | 3.0.10 | |
bestpractical | rt | 3.0.11 | |
bestpractical | rt | 3.0.12 | |
bestpractical | rt | 3.2.0 | |
bestpractical | rt | 3.2.1 | |
bestpractical | rt | 3.2.2 | |
bestpractical | rt | 3.2.3 | |
bestpractical | rt | 3.4.0 | |
bestpractical | rt | 3.4.1 | |
bestpractical | rt | 3.4.2 | |
bestpractical | rt | 3.4.3 | |
bestpractical | rt | 3.4.4 | |
bestpractical | rt | 3.4.5 | |
bestpractical | rt | 3.4.6 | |
bestpractical | rt | 3.6.0 | |
bestpractical | rt | 3.6.1 | |
bestpractical | rt | 3.6.2 | |
bestpractical | rt | 3.6.3 | |
bestpractical | rt | 3.6.4 | |
bestpractical | rt | 3.6.5 | |
bestpractical | rt | 3.6.6 | |
bestpractical | rt | 3.6.7 | |
bestpractical | rt | 3.6.8 | |
bestpractical | rt | 3.6.9 | |
bestpractical | rt | 3.8.0 | |
bestpractical | rt | 3.8.1 | |
bestpractical | rt | 3.8.2 | |
bestpractical | rt | 3.8.3 | |
bestpractical | rt | 3.8.4 | |
bestpractical | rt | 3.8.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA418CF5-49D6-4E0E-A1B5-8CB23752989D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8E238F87-8D8C-4E62-A8F0-3DB9EFDB8328", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3FD8A7EF-5DB8-40C6-9124-A97A23B3EA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2AD553B8-8495-47E5-A543-4DC963B3511A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "28ADB191-4787-4FDB-B70A-F4C8BDF0F4B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "2772389A-9BCD-4B13-88C8-75BC64E40AF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B1F9D05F-C86D-40D8-A7D9-5448918B72DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "311485DA-5381-4EAD-AF58-B8C67373413A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "2EAF6671-8C77-448B-BF29-E2CF51176CC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B55D762D-A723-435C-8D80-F7230F1648D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "4CC63EDC-541E-445D-8B72-799E4184B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "D5E6196E-4A90-4F64-BA99-A8E04A09D5ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "91D7CE86-3FCD-472E-BF01-31FFB36701BD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "70B3F0B2-8C70-4046-AAA0-FBD344FE4DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCD0173D-F699-4864-8856-D1792BDA0F84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "19CC2E53-5DE8-4A31-9B8A-79335DFBAFEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "404AFC5C-20B4-41E5-ACDE-56626D68AFEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F37D1380-965B-40E0-8A20-61FEA072B8D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E101B0FE-499F-44D8-8B68-BB7FEE40D2B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "747D8CD1-EE12-48A4-A795-88BC66A8DA33", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE201D-F31A-4738-B9AB-7BB11417990E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6ED4EC-F860-47BD-B699-551FB5DBF039", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "E3398823-1813-4D7B-9EC9-74222A240051", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "F98B7895-BDB3-477C-8B34-88BD3E02EAFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1512169D-DCEF-4964-B05A-3DF19CDE8F57", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B427F5D4-ACD6-46E5-B94F-CA30330C6492", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9B38C33-D680-4285-A849-E6CDA9F4802F", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "646CFD82-15FE-48E4-83C9-E3E037E9F928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "57404A14-6E1C-4F3B-8120-75F1073A3E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F40ED56-CDAC-40BB-A026-5D6A09DCB72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "33C325D9-CB88-430F-B1AE-3544C7176398", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1E86D15-8435-46B9-88FF-8A51771C55E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "543C8E63-9A49-4D6A-899A-7D244D0CCC17", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "00AFB893-E37A-4E81-A984-66D677161D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": 
"en", "value": "Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages \"HTTP access to the RT server,\" a related issue to CVE-2009-3585." }, { "lang": "es", "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en /Elements/SetupSessionCookie en Best Practical Solutions RT v3.0.0 a la v3.6.9 y v3.8.x a la v3.8.5, permite a atacantes remotos secuestrar sesiones web manipulando el identificador de sesi\u00f3n lo que permite \"Un acceso HTTP al servidor RT\". Relacionado con el CVE-2009-3585." } ], "id": "CVE-2009-4151", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-12-02T16:30:00.670", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://bestpractical.typepad.com/files/rt-3.0.0-session_fixation.v3.patch" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://bestpractical.typepad.com/files/rt-3.0.1-3.0.6-session_fixation.v3.patch" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://bestpractical.typepad.com/files/rt-3.0.7-3.6.1-session_fixation.v3.patch" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://bestpractical.typepad.com/files/rt-3.6.2-3.6.3-session_fixation.v3.patch" }, { "source": 
"cve@mitre.org", "tags": [ "Patch" ], "url": "http://bestpractical.typepad.com/files/rt-3.6.4-3.6.9-session_fixation.v2.patch" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://bestpractical.typepad.com/files/rt-3.8-session_fixation.patch" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://blog.bestpractical.com/2009/11/session-fixation-vulnerability.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000176.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000177.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37546" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/37728" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/37162" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54472" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00761.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00794.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00832.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://bestpractical.typepad.com/files/rt-3.0.0-session_fixation.v3.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://bestpractical.typepad.com/files/rt-3.0.1-3.0.6-session_fixation.v3.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://bestpractical.typepad.com/files/rt-3.0.7-3.6.1-session_fixation.v3.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" 
], "url": "http://bestpractical.typepad.com/files/rt-3.6.2-3.6.3-session_fixation.v3.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://bestpractical.typepad.com/files/rt-3.6.4-3.6.9-session_fixation.v2.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://bestpractical.typepad.com/files/rt-3.8-session_fixation.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://blog.bestpractical.com/2009/11/session-fixation-vulnerability.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000176.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000177.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37546" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/37728" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/37162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54472" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00761.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00794.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00832.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": 
"Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-08-23 16:55
Modified
2025-04-11 00:51
Severity 6.0 MEDIUM (CVSS v2.0, AV:N/AC:M/Au:S/C:P/I:P/A:P)
Summary
Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bestpractical | rt | 4.0.0 | |
bestpractical | rt | 4.0.0 rc1 | |
bestpractical | rt | 4.0.0 rc2 | |
bestpractical | rt | 4.0.0 rc3 | |
bestpractical | rt | 4.0.0 rc4 | |
bestpractical | rt | 4.0.0 rc5 | |
bestpractical | rt | 4.0.0 rc6 | |
bestpractical | rt | 4.0.0 rc7 | |
bestpractical | rt | 4.0.0 rc8 | |
bestpractical | rt | 4.0.1 | |
bestpractical | rt | 4.0.1 rc1 | |
bestpractical | rt | 4.0.1 rc2 | |
bestpractical | rt | 4.0.2 | |
bestpractical | rt | 4.0.2 rc1 | |
bestpractical | rt | 4.0.2 rc2 | |
bestpractical | rt | 4.0.3 | |
bestpractical | rt | 4.0.10 | |
bestpractical | rt | 4.0.11 | |
bestpractical | rt | 4.0.12 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F84987A7-103B-4473-9D4F-9F28880F6D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "5C89298A-DA7A-4DDD-A420-5B5BC0ABAF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "60F0CE6D-3DFA-4432-9615-78718C1D5583", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "F478B6AB-8B47-46A2-BEA7-9FF24F4A7026", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "A7CA2655-8B75-4DFF-9B30-1B9839B87D9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A65F27F5-D134-4B94-BF93-CE32065B75B2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:4.0.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9D976231-5D79-4C48-BFFA-39E3E7FE35A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "F35ABA0F-6072-433E-AAA5-3B0BB219B404", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1D6E744-5181-4E94-8B9B-3CA83648C7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "15112BC0-8C03-4417-A0EB-123C326E6F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "685B747F-6C34-4D76-B1A3-652EF2480D5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "A8E6D6E2-13A1-4AF9-B1A2-414588CCBD35", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and \"custom lifecycle transition\" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors." }, { "lang": "es", "value": "Request Tracker (RT) v4.x anterior a v4.0.13 no aplica adecuadamente el permiso DeleteTicket y \"la transici\u00f3n del ciclo de vida personalizado\", lo que permite a usuarios remotos autenticados con el permiso ModifyTicket suprimir entradas a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2012-4733", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-08-23T16:55:06.947", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53522" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/93611" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53522" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/93611" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd: CVE-2011-2083
Published
2012-06-04 19:55
Modified
2025-04-11 00:51
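Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N, from the NVD metrics in this record; no CVSS v3 score is listed, and the record marks user interaction as required)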
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F451959A-5305-4210-977B-6B396BC0A4F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA418CF5-49D6-4E0E-A1B5-8CB23752989D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8E238F87-8D8C-4E62-A8F0-3DB9EFDB8328", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3FD8A7EF-5DB8-40C6-9124-A97A23B3EA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2AD553B8-8495-47E5-A543-4DC963B3511A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "28ADB191-4787-4FDB-B70A-F4C8BDF0F4B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "2772389A-9BCD-4B13-88C8-75BC64E40AF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B1F9D05F-C86D-40D8-A7D9-5448918B72DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "311485DA-5381-4EAD-AF58-B8C67373413A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "2EAF6671-8C77-448B-BF29-E2CF51176CC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B55D762D-A723-435C-8D80-F7230F1648D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "4CC63EDC-541E-445D-8B72-799E4184B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:pre1:*:*:*:*:*:*", "matchCriteriaId": "0EF72E77-6239-4DAB-945C-4B13700E78E9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.0.10:pre2:*:*:*:*:*:*", "matchCriteriaId": "8355F0C0-4DA0-41AC-8051-2C04D9999685", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "3A5B2131-A083-4B8A-8B45-F8A8BEF06BF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "D5E6196E-4A90-4F64-BA99-A8E04A09D5ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "E61CEFCD-49F2-465F-AB2C-97DC18D1543B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:rc3:*:*:*:*:*:*", "matchCriteriaId": "FCA20CA1-D33C-4609-A281-ED5A4D92E2F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:rc4:*:*:*:*:*:*", "matchCriteriaId": "3EF32CB2-6057-4DFF-8E6A-72B1E2E01D6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "91D7CE86-3FCD-472E-BF01-31FFB36701BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A295B774-B2C6-4AE0-882A-B66DF14C0074", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A01B64B7-0FCB-4B5E-85E0-DA56F1435ECF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0343F2B3-AF01-426D-8C01-AFB5C9030E50", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5CE952D4-9007-4FE0-A58D-B0A225458C09", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "ECF07E00-0662-4A28-A5B8-AA1813545E45", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "58E23D2E-3AF8-4D6B-BFE3-16E48BC85809", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.8:*:*:*:*:*:*:*", "matchCriteriaId": 
"0FE28027-A500-454E-85F8-A2C8D2E34EDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "4FB2CF89-FB9B-4C8A-8590-6FC29CADD8B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "69AA8284-4A34-4748-B8B3-9EE57FC58032", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "5D488FC4-78E4-46D4-A752-89070583077D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "3EFB43D5-E6FF-47F9-8D6A-3B6B36417D85", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "5D853DB7-318F-4EAD-BC10-D7C941AE8841", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "AB92945C-3DE7-43C5-A871-DBCE5E82F945", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "338B3ECA-954D-4909-96FC-B15B0E5A36D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "78414EA2-BDC0-4E6F-976A-F6E1F88E79EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "70B3F0B2-8C70-4046-AAA0-FBD344FE4DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "2D97508D-348E-46A3-8007-4D81084687D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4A6BBFDC-91A3-4A17-B581-12CBBC4FE0F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1126CD28-73D9-4F31-8E37-9D7804897A4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "24511FB5-0BCF-4407-9B96-CD78B54A9B24", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCD0173D-F699-4864-8856-D1792BDA0F84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "71CD2D3B-8E24-4FD3-9546-21DFAADA0440", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "82652BAD-AC45-424C-8D8B-E82C18EFD7C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "7CCA8BFD-E566-47AC-9183-08E0D22ACACB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "9A16EA9C-4414-4FEB-AF20-1502FB02BD8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "19CC2E53-5DE8-4A31-9B8A-79335DFBAFEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "B0F029E8-5507-41D8-9703-379C331ACEC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "404AFC5C-20B4-41E5-ACDE-56626D68AFEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "49F6A2BA-82DA-4AC9-8DD0-7FC14E1F08F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "51E8FC92-0C19-4C64-BA9F-51B43500B2DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F37D1380-965B-40E0-8A20-61FEA072B8D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F873FABC-89D1-49C1-A6BC-ACEB230F4620", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "2B8BE811-5465-4153-B915-9F1BBE6E2133", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": 
"D67F6099-D302-4823-A83F-9AD23F573F38", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "907B5E42-DB06-4834-B522-6B708E674122", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "9EDAA418-2B5A-45C2-B767-D99037EB17F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "A7D7BAD4-AC39-4856-B784-823DD15AF80B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E101B0FE-499F-44D8-8B68-BB7FEE40D2B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "747D8CD1-EE12-48A4-A795-88BC66A8DA33", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "80EE7785-CCA3-4AC6-980D-8C4E3E1C5A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "0CA65453-4879-4DA8-8600-2F8ECFED548F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE201D-F31A-4738-B9AB-7BB11417990E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "C4B10D10-9494-4B9D-9A35-4D768A836ED9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "9B00B086-3318-4B5A-801D-7428DA9DB6C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6ED4EC-F860-47BD-B699-551FB5DBF039", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:pre1:*:*:*:*:*:*", "matchCriteriaId": "75509078-F1EC-49A2-A644-5F8A6C02A24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:pre2:*:*:*:*:*:*", "matchCriteriaId": "7940D1FB-A283-43EF-AC9D-98DB7CCFEC2D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.4.4:pre3:*:*:*:*:*:*", "matchCriteriaId": "805469B4-93CD-4007-9782-BEA976E6083A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "E3398823-1813-4D7B-9EC9-74222A240051", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:pre1:*:*:*:*:*:*", "matchCriteriaId": "7A5A50E4-21C1-4F9B-BB82-3D18D91C9161", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "0748D99F-D40E-4161-B561-DE0EA4A4375A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "BFCA4BA0-633F-42CF-9A38-3036C0F147ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "F98B7895-BDB3-477C-8B34-88BD3E02EAFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "16638B6B-32FC-42A5-A7A2-0C43FE22F801", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "C195A011-5BAC-46B0-B57E-4B193D442601", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "A6F8C186-8240-4F5E-8D1E-D705FB87A309", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5849DB3-69F8-428E-89D4-AAC932E6CF6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "E842B21F-5163-445F-8285-A4AFD42A5D78", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "5ED87C9D-5D46-48A1-B6C7-31F92C340C99", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "B13961D0-754F-4EE9-A7B7-5D892AA9F1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"AAB2E1B1-F394-463C-AB6F-8D3741D57A8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "194D87BE-AFD2-4775-8234-0CC8E41BFEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "19449938-2B92-44AC-89B2-21F142E65928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1512169D-DCEF-4964-B05A-3DF19CDE8F57", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:pre0:*:*:*:*:*:*", "matchCriteriaId": "EFD15E92-3DB1-41F0-8AF4-94120394B97D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "7E20EB81-E828-41AE-AC95-FEE91D0CA757", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "04B642C3-1295-4E8D-B104-4291361FA540", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E5CDF725-3D97-43A4-9775-D4D4203C6B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9A64C7A4-A76D-4855-B96B-CCC3479B0E61", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B427F5D4-ACD6-46E5-B94F-CA30330C6492", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:pre2:*:*:*:*:*:*", "matchCriteriaId": "3A0CBD58-D037-4524-AE62-6961B096BB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "99F684A7-A7DD-45C4-8FF6-66FDCFDBCBBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "0C15AE0F-E78D-4211-B5D1-83185A65FD18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9B38C33-D680-4285-A849-E6CDA9F4802F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.6.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "851C27A0-32C4-4F01-ACE8-9C71686704EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "48532322-0172-4DDA-986F-2D5B0AB9833A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc4:*:*:*:*:*:*", "matchCriteriaId": "29273C2E-8622-43F1-9222-5E037492DC46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc5:*:*:*:*:*:*", "matchCriteriaId": "D0A3E995-8046-4B14-A22E-7ADDCBC3A43E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "646CFD82-15FE-48E4-83C9-E3E037E9F928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "F51F5333-4645-41E6-850E-D3EFC5B16A46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "B9886244-AFAA-40B5-958C-8D9AF28F3001", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "7E404ED1-94E0-4A2F-A9F7-F941FDB0782A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc4:*:*:*:*:*:*", "matchCriteriaId": "A88BCABC-A39D-41BA-9DB8-DBB67483450A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "57404A14-6E1C-4F3B-8120-75F1073A3E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "1EA8E78A-65E5-4A35-8CE5-589453DF4AC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:rc2:*:*:*:*:*:*", "matchCriteriaId": "3D8F5FD8-232E-4025-A6EF-BFE453D3AF7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F40ED56-CDAC-40BB-A026-5D6A09DCB72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"DE047F80-1FC1-460E-9C48-8515D8E34558", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "82F5BB46-9B6E-44D0-9049-02EEF8411FA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "33C325D9-CB88-430F-B1AE-3544C7176398", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "46371C56-6120-414C-8F95-F5297753F6B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "F45F2752-8B5B-489D-8BAC-654B79D55416", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc3:*:*:*:*:*:*", "matchCriteriaId": "C1DC976B-1AB0-4DC4-AF6C-697CE06B9E64", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1E86D15-8435-46B9-88FF-8A51771C55E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "543C8E63-9A49-4D6A-899A-7D244D0CCC17", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "00AFB893-E37A-4E81-A984-66D677161D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "312703C9-7145-4599-8B2C-6EF7BC060A07", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E751061C-DFC1-4EB5-8FBB-20183C61E45F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "E439C79E-EDAB-42AE-850A-E81A6F321058", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.80:*:*:*:*:*:*:*", "matchCriteriaId": "137A7FA6-6007-4485-944B-89BB8BAC9BD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.85:*:*:*:*:*:*:*", "matchCriteriaId": "8AFEA933-CCDC-4F56-B80B-75480893049A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.7.86:*:*:*:*:*:*:*", "matchCriteriaId": "54C5A322-524D-475F-9343-B63C2581348D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EA620414-F78C-49C2-AC29-7CCCCC15B4D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A12FC95C-F9A7-4E47-AC07-F680D4436156", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D6101EAE-CB0E-4AB2-BCDC-9B4354422940", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "46059518-DCCB-410A-B7FD-FAF5F9DF9498", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CB1FAAF6-4403-4A45-B0D8-F9E4752C0CBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "A6E90C9D-CCEF-47CE-BED1-16BF37927998", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "13410E37-9A6A-4A33-BB97-6B4D96AA11FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "02949074-A703-4F6E-BBA7-B79021A1377E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C440174-183B-423B-8E85-37E78EB43A91", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"4CED5D54-C62B-4543-9C36-D76489EA3CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0B9A9DF7-8700-4CD4-9DAA-5368066F17A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "AC116B6E-F6A7-4885-B592-635EE06B6E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "9635AFA4-24E6-4893-8B4B-57FE811A758D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "546F1582-B85F-4D4F-840C-6257F1DE05E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "D8DB6F17-FF2F-4DCA-A8D1-C3E0D42ACCAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "32BE1C0B-D379-4A51-8188-B660730539AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "E2E768F1-80EA-4016-837E-9B92A3954F8B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C35364B8-6BB7-439D-9450-08FB11639E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F84987A7-103B-4473-9D4F-9F28880F6D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "5C89298A-DA7A-4DDD-A420-5B5BC0ABAF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "60F0CE6D-3DFA-4432-9615-78718C1D5583", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A65F27F5-D134-4B94-BF93-CE32065B75B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1D6E744-5181-4E94-8B9B-3CA83648C7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5315BD2E-AE5F-49F9-8451-0D2D64CE56B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "087B001A-78B6-46EB-8623-D8C680243867", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Best Practical Solutions RT v3.x anteriores a v3.8.12 y v4.x anteriores a v4.0.6, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2011-2083", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-06-04T19:55:01.587", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/49259" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/53660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53660" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-04-22 10:55
Modified
2025-04-11 00:51
Severity ?
Summary
Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F451959A-5305-4210-977B-6B396BC0A4F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA418CF5-49D6-4E0E-A1B5-8CB23752989D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8E238F87-8D8C-4E62-A8F0-3DB9EFDB8328", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3FD8A7EF-5DB8-40C6-9124-A97A23B3EA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2AD553B8-8495-47E5-A543-4DC963B3511A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "28ADB191-4787-4FDB-B70A-F4C8BDF0F4B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "2772389A-9BCD-4B13-88C8-75BC64E40AF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B1F9D05F-C86D-40D8-A7D9-5448918B72DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "311485DA-5381-4EAD-AF58-B8C67373413A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "2EAF6671-8C77-448B-BF29-E2CF51176CC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B55D762D-A723-435C-8D80-F7230F1648D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "4CC63EDC-541E-445D-8B72-799E4184B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "D5E6196E-4A90-4F64-BA99-A8E04A09D5ED", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "91D7CE86-3FCD-472E-BF01-31FFB36701BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "70B3F0B2-8C70-4046-AAA0-FBD344FE4DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCD0173D-F699-4864-8856-D1792BDA0F84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "19CC2E53-5DE8-4A31-9B8A-79335DFBAFEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "404AFC5C-20B4-41E5-ACDE-56626D68AFEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F37D1380-965B-40E0-8A20-61FEA072B8D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E101B0FE-499F-44D8-8B68-BB7FEE40D2B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "747D8CD1-EE12-48A4-A795-88BC66A8DA33", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE201D-F31A-4738-B9AB-7BB11417990E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6ED4EC-F860-47BD-B699-551FB5DBF039", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "E3398823-1813-4D7B-9EC9-74222A240051", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "F98B7895-BDB3-477C-8B34-88BD3E02EAFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1512169D-DCEF-4964-B05A-3DF19CDE8F57", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B427F5D4-ACD6-46E5-B94F-CA30330C6492", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9B38C33-D680-4285-A849-E6CDA9F4802F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "646CFD82-15FE-48E4-83C9-E3E037E9F928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "57404A14-6E1C-4F3B-8120-75F1073A3E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F40ED56-CDAC-40BB-A026-5D6A09DCB72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "33C325D9-CB88-430F-B1AE-3544C7176398", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1E86D15-8435-46B9-88FF-8A51771C55E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "543C8E63-9A49-4D6A-899A-7D244D0CCC17", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "00AFB893-E37A-4E81-A984-66D677161D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "312703C9-7145-4599-8B2C-6EF7BC060A07", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "546F1582-B85F-4D4F-840C-6257F1DE05E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc3:*:*:*:*:*:*", "matchCriteriaId": 
"D8DB6F17-FF2F-4DCA-A8D1-C3E0D42ACCAB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords." }, { "lang": "es", "value": "Best Practical Solutions RT v2.0.0 hasta v3.6.10, v3.8.0 hasta v3.8.9, y v4.0.0rc hasta 4.0.0rc7 permite a usuarios remotos autenticados, obtener informaci\u00f3n confidencial mediante el uso de la interfaz de b\u00fasqueda, como lo demuestra la recuperaci\u00f3n de contrase\u00f1as codificadas." 
} ], "id": "CVE-2011-1687", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-04-22T10:55:02.390", "references": [ { "source": "cve@mitre.org", "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44189" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2011/dsa-2220" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/47383" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66793" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44189" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66793" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-06-04 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in Best Practical Solutions RT 2.x, 3.x before 3.8.12, and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B558A64D-2E06-416C-85F5-AAFFD18096D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3A24FF7-A1B0-4998-A0F8-6E5D70901299", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F01659AA-9146-4238-9FEE-70D345D31094", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0EA74674-D04E-4458-ADF0-C733E9592B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8F4ACD97-35AD-4E23-83FC-E39016936EFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF589DDB-4348-4A55-9468-DBB5F03C82F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C59D941-22C2-41A7-B9BA-4CBDA3E71F5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DB507C08-D3CC-4AC8-9BAC-EED9FD09E1D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A50288EA-2628-47D7-9F25-EE514B9083F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "91868A78-C6C7-4C03-95B3-755816F8C663", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4B4383B-20C5-4620-8107-255AD3D45D2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "09A128B7-AA70-49DD-A20E-B9BB7D23A4EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "88EFA7E0-C472-4E93-8E38-98DFCCD37EEE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "6E6381E7-1C01-4239-A02F-C6DB5D775F7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "4120F4E4-E4EB-434C-9764-370102198554", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E1CA0866-CC49-4956-9493-849069B4485B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "565B7E66-BD96-419A-8EC2-FE971BDC47A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "FAC1443B-50C8-4E98-9900-CACFEA5AD00D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F451959A-5305-4210-977B-6B396BC0A4F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA418CF5-49D6-4E0E-A1B5-8CB23752989D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8E238F87-8D8C-4E62-A8F0-3DB9EFDB8328", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3FD8A7EF-5DB8-40C6-9124-A97A23B3EA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2AD553B8-8495-47E5-A543-4DC963B3511A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "28ADB191-4787-4FDB-B70A-F4C8BDF0F4B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "2772389A-9BCD-4B13-88C8-75BC64E40AF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B1F9D05F-C86D-40D8-A7D9-5448918B72DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"311485DA-5381-4EAD-AF58-B8C67373413A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "2EAF6671-8C77-448B-BF29-E2CF51176CC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B55D762D-A723-435C-8D80-F7230F1648D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "4CC63EDC-541E-445D-8B72-799E4184B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:pre1:*:*:*:*:*:*", "matchCriteriaId": "0EF72E77-6239-4DAB-945C-4B13700E78E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:pre2:*:*:*:*:*:*", "matchCriteriaId": "8355F0C0-4DA0-41AC-8051-2C04D9999685", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "3A5B2131-A083-4B8A-8B45-F8A8BEF06BF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "D5E6196E-4A90-4F64-BA99-A8E04A09D5ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "E61CEFCD-49F2-465F-AB2C-97DC18D1543B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:rc3:*:*:*:*:*:*", "matchCriteriaId": "FCA20CA1-D33C-4609-A281-ED5A4D92E2F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:rc4:*:*:*:*:*:*", "matchCriteriaId": "3EF32CB2-6057-4DFF-8E6A-72B1E2E01D6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "91D7CE86-3FCD-472E-BF01-31FFB36701BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A295B774-B2C6-4AE0-882A-B66DF14C0074", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A01B64B7-0FCB-4B5E-85E0-DA56F1435ECF", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "0343F2B3-AF01-426D-8C01-AFB5C9030E50", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5CE952D4-9007-4FE0-A58D-B0A225458C09", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "ECF07E00-0662-4A28-A5B8-AA1813545E45", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "58E23D2E-3AF8-4D6B-BFE3-16E48BC85809", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "0FE28027-A500-454E-85F8-A2C8D2E34EDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "4FB2CF89-FB9B-4C8A-8590-6FC29CADD8B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "69AA8284-4A34-4748-B8B3-9EE57FC58032", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "5D488FC4-78E4-46D4-A752-89070583077D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "3EFB43D5-E6FF-47F9-8D6A-3B6B36417D85", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "5D853DB7-318F-4EAD-BC10-D7C941AE8841", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "AB92945C-3DE7-43C5-A871-DBCE5E82F945", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "338B3ECA-954D-4909-96FC-B15B0E5A36D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "78414EA2-BDC0-4E6F-976A-F6E1F88E79EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"70B3F0B2-8C70-4046-AAA0-FBD344FE4DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "2D97508D-348E-46A3-8007-4D81084687D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4A6BBFDC-91A3-4A17-B581-12CBBC4FE0F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1126CD28-73D9-4F31-8E37-9D7804897A4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "24511FB5-0BCF-4407-9B96-CD78B54A9B24", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCD0173D-F699-4864-8856-D1792BDA0F84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "71CD2D3B-8E24-4FD3-9546-21DFAADA0440", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "82652BAD-AC45-424C-8D8B-E82C18EFD7C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "7CCA8BFD-E566-47AC-9183-08E0D22ACACB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "9A16EA9C-4414-4FEB-AF20-1502FB02BD8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "19CC2E53-5DE8-4A31-9B8A-79335DFBAFEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "B0F029E8-5507-41D8-9703-379C331ACEC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "404AFC5C-20B4-41E5-ACDE-56626D68AFEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "49F6A2BA-82DA-4AC9-8DD0-7FC14E1F08F7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.2.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "51E8FC92-0C19-4C64-BA9F-51B43500B2DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F37D1380-965B-40E0-8A20-61FEA072B8D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F873FABC-89D1-49C1-A6BC-ACEB230F4620", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "2B8BE811-5465-4153-B915-9F1BBE6E2133", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D67F6099-D302-4823-A83F-9AD23F573F38", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "907B5E42-DB06-4834-B522-6B708E674122", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "9EDAA418-2B5A-45C2-B767-D99037EB17F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "A7D7BAD4-AC39-4856-B784-823DD15AF80B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E101B0FE-499F-44D8-8B68-BB7FEE40D2B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "747D8CD1-EE12-48A4-A795-88BC66A8DA33", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "80EE7785-CCA3-4AC6-980D-8C4E3E1C5A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "0CA65453-4879-4DA8-8600-2F8ECFED548F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE201D-F31A-4738-B9AB-7BB11417990E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"C4B10D10-9494-4B9D-9A35-4D768A836ED9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "9B00B086-3318-4B5A-801D-7428DA9DB6C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6ED4EC-F860-47BD-B699-551FB5DBF039", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:pre1:*:*:*:*:*:*", "matchCriteriaId": "75509078-F1EC-49A2-A644-5F8A6C02A24E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:pre2:*:*:*:*:*:*", "matchCriteriaId": "7940D1FB-A283-43EF-AC9D-98DB7CCFEC2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:pre3:*:*:*:*:*:*", "matchCriteriaId": "805469B4-93CD-4007-9782-BEA976E6083A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "E3398823-1813-4D7B-9EC9-74222A240051", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:pre1:*:*:*:*:*:*", "matchCriteriaId": "7A5A50E4-21C1-4F9B-BB82-3D18D91C9161", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "0748D99F-D40E-4161-B561-DE0EA4A4375A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "BFCA4BA0-633F-42CF-9A38-3036C0F147ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "F98B7895-BDB3-477C-8B34-88BD3E02EAFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "16638B6B-32FC-42A5-A7A2-0C43FE22F801", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "C195A011-5BAC-46B0-B57E-4B193D442601", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "A6F8C186-8240-4F5E-8D1E-D705FB87A309", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5849DB3-69F8-428E-89D4-AAC932E6CF6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "E842B21F-5163-445F-8285-A4AFD42A5D78", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "5ED87C9D-5D46-48A1-B6C7-31F92C340C99", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "B13961D0-754F-4EE9-A7B7-5D892AA9F1E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "AAB2E1B1-F394-463C-AB6F-8D3741D57A8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "194D87BE-AFD2-4775-8234-0CC8E41BFEAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "19449938-2B92-44AC-89B2-21F142E65928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1512169D-DCEF-4964-B05A-3DF19CDE8F57", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:pre0:*:*:*:*:*:*", "matchCriteriaId": "EFD15E92-3DB1-41F0-8AF4-94120394B97D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "7E20EB81-E828-41AE-AC95-FEE91D0CA757", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "04B642C3-1295-4E8D-B104-4291361FA540", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E5CDF725-3D97-43A4-9775-D4D4203C6B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9A64C7A4-A76D-4855-B96B-CCC3479B0E61", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"B427F5D4-ACD6-46E5-B94F-CA30330C6492", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:pre2:*:*:*:*:*:*", "matchCriteriaId": "3A0CBD58-D037-4524-AE62-6961B096BB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "99F684A7-A7DD-45C4-8FF6-66FDCFDBCBBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "0C15AE0F-E78D-4211-B5D1-83185A65FD18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9B38C33-D680-4285-A849-E6CDA9F4802F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "851C27A0-32C4-4F01-ACE8-9C71686704EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "48532322-0172-4DDA-986F-2D5B0AB9833A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc4:*:*:*:*:*:*", "matchCriteriaId": "29273C2E-8622-43F1-9222-5E037492DC46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:rc5:*:*:*:*:*:*", "matchCriteriaId": "D0A3E995-8046-4B14-A22E-7ADDCBC3A43E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "646CFD82-15FE-48E4-83C9-E3E037E9F928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "F51F5333-4645-41E6-850E-D3EFC5B16A46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "B9886244-AFAA-40B5-958C-8D9AF28F3001", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "7E404ED1-94E0-4A2F-A9F7-F941FDB0782A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:rc4:*:*:*:*:*:*", "matchCriteriaId": "A88BCABC-A39D-41BA-9DB8-DBB67483450A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "57404A14-6E1C-4F3B-8120-75F1073A3E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "1EA8E78A-65E5-4A35-8CE5-589453DF4AC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:rc2:*:*:*:*:*:*", "matchCriteriaId": "3D8F5FD8-232E-4025-A6EF-BFE453D3AF7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F40ED56-CDAC-40BB-A026-5D6A09DCB72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "DE047F80-1FC1-460E-9C48-8515D8E34558", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "82F5BB46-9B6E-44D0-9049-02EEF8411FA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "33C325D9-CB88-430F-B1AE-3544C7176398", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "46371C56-6120-414C-8F95-F5297753F6B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "F45F2752-8B5B-489D-8BAC-654B79D55416", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:rc3:*:*:*:*:*:*", "matchCriteriaId": "C1DC976B-1AB0-4DC4-AF6C-697CE06B9E64", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1E86D15-8435-46B9-88FF-8A51771C55E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "543C8E63-9A49-4D6A-899A-7D244D0CCC17", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "00AFB893-E37A-4E81-A984-66D677161D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.10:*:*:*:*:*:*:*", "matchCriteriaId": 
"312703C9-7145-4599-8B2C-6EF7BC060A07", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E751061C-DFC1-4EB5-8FBB-20183C61E45F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "E439C79E-EDAB-42AE-850A-E81A6F321058", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.80:*:*:*:*:*:*:*", "matchCriteriaId": "137A7FA6-6007-4485-944B-89BB8BAC9BD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.85:*:*:*:*:*:*:*", "matchCriteriaId": "8AFEA933-CCDC-4F56-B80B-75480893049A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.7.86:*:*:*:*:*:*:*", "matchCriteriaId": "54C5A322-524D-475F-9343-B63C2581348D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EA620414-F78C-49C2-AC29-7CCCCC15B4D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A12FC95C-F9A7-4E47-AC07-F680D4436156", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D6101EAE-CB0E-4AB2-BCDC-9B4354422940", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "46059518-DCCB-410A-B7FD-FAF5F9DF9498", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CB1FAAF6-4403-4A45-B0D8-F9E4752C0CBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "A6E90C9D-CCEF-47CE-BED1-16BF37927998", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "13410E37-9A6A-4A33-BB97-6B4D96AA11FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "02949074-A703-4F6E-BBA7-B79021A1377E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C440174-183B-423B-8E85-37E78EB43A91", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "4CED5D54-C62B-4543-9C36-D76489EA3CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0B9A9DF7-8700-4CD4-9DAA-5368066F17A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "AC116B6E-F6A7-4885-B592-635EE06B6E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "9635AFA4-24E6-4893-8B4B-57FE811A758D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"84FB5217-7650-4BB2-A0AB-BAB6A362CFD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "546F1582-B85F-4D4F-840C-6257F1DE05E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "D8DB6F17-FF2F-4DCA-A8D1-C3E0D42ACCAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "32BE1C0B-D379-4A51-8188-B660730539AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "E2E768F1-80EA-4016-837E-9B92A3954F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F84987A7-103B-4473-9D4F-9F28880F6D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "5C89298A-DA7A-4DDD-A420-5B5BC0ABAF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "60F0CE6D-3DFA-4432-9615-78718C1D5583", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A65F27F5-D134-4B94-BF93-CE32065B75B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1D6E744-5181-4E94-8B9B-3CA83648C7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5315BD2E-AE5F-49F9-8451-0D2D64CE56B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "087B001A-78B6-46EB-8623-D8C680243867", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute 
arbitrary SQL commands by leveraging access to a privileged account." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en Best Practical Solutions RT 2.x y 3.x anteriores a 3.8.12 y 4.x anteriores 4.0.6. Permite a usuarios remotos ejecutar comandos SQL de su elecci\u00f3n utilizando el acceso a una cuenta privilegiada." } ], "id": "CVE-2011-4460", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-06-04T19:55:01.853", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/82136" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/49259" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/53660" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75824" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/82136" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75824" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-08-06 18:41
Modified
2025-04-09 00:30
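Severity
4.0 (MEDIUM) — CVSS v2.0, AV:N/AC:L/Au:S/C:N/I:N/A:P (NVD primary score, taken from the record below)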
Summary
Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service (CPU or memory consumption) via unspecified vectors related to the Devel::StackTrace module for Perl.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bestpractical | rt | 3.0.0 | |
bestpractical | rt | 3.0.1 | |
bestpractical | rt | 3.0.2 | |
bestpractical | rt | 3.0.3 | |
bestpractical | rt | 3.0.4 | |
bestpractical | rt | 3.0.5 | |
bestpractical | rt | 3.0.6 | |
bestpractical | rt | 3.0.7 | |
bestpractical | rt | 3.0.7.1 | |
bestpractical | rt | 3.0.8 | |
bestpractical | rt | 3.0.9 | |
bestpractical | rt | 3.0.10 | |
bestpractical | rt | 3.0.11 | |
bestpractical | rt | 3.0.12 | |
bestpractical | rt | 3.2.0 | |
bestpractical | rt | 3.2.1 | |
bestpractical | rt | 3.2.2 | |
bestpractical | rt | 3.2.3 | |
bestpractical | rt | 3.4.0 | |
bestpractical | rt | 3.4.1 | |
bestpractical | rt | 3.4.2 | |
bestpractical | rt | 3.4.3 | |
bestpractical | rt | 3.4.4 | |
bestpractical | rt | 3.4.5 | |
bestpractical | rt | 3.4.6 | |
bestpractical | rt | 3.6.0 | |
bestpractical | rt | 3.6.1 | |
bestpractical | rt | 3.6.2 | |
bestpractical | rt | 3.6.3 | |
bestpractical | rt | 3.6.4 | |
bestpractical | rt | 3.6.5 | |
bestpractical | rt | 3.6.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F451959A-5305-4210-977B-6B396BC0A4F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA418CF5-49D6-4E0E-A1B5-8CB23752989D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8E238F87-8D8C-4E62-A8F0-3DB9EFDB8328", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3FD8A7EF-5DB8-40C6-9124-A97A23B3EA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2AD553B8-8495-47E5-A543-4DC963B3511A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "28ADB191-4787-4FDB-B70A-F4C8BDF0F4B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "2772389A-9BCD-4B13-88C8-75BC64E40AF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B1F9D05F-C86D-40D8-A7D9-5448918B72DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "311485DA-5381-4EAD-AF58-B8C67373413A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "2EAF6671-8C77-448B-BF29-E2CF51176CC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B55D762D-A723-435C-8D80-F7230F1648D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "4CC63EDC-541E-445D-8B72-799E4184B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "D5E6196E-4A90-4F64-BA99-A8E04A09D5ED", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "91D7CE86-3FCD-472E-BF01-31FFB36701BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "70B3F0B2-8C70-4046-AAA0-FBD344FE4DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCD0173D-F699-4864-8856-D1792BDA0F84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "19CC2E53-5DE8-4A31-9B8A-79335DFBAFEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "404AFC5C-20B4-41E5-ACDE-56626D68AFEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F37D1380-965B-40E0-8A20-61FEA072B8D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E101B0FE-499F-44D8-8B68-BB7FEE40D2B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "747D8CD1-EE12-48A4-A795-88BC66A8DA33", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE201D-F31A-4738-B9AB-7BB11417990E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6ED4EC-F860-47BD-B699-551FB5DBF039", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "E3398823-1813-4D7B-9EC9-74222A240051", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "F98B7895-BDB3-477C-8B34-88BD3E02EAFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1512169D-DCEF-4964-B05A-3DF19CDE8F57", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B427F5D4-ACD6-46E5-B94F-CA30330C6492", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9B38C33-D680-4285-A849-E6CDA9F4802F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "646CFD82-15FE-48E4-83C9-E3E037E9F928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "57404A14-6E1C-4F3B-8120-75F1073A3E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F40ED56-CDAC-40BB-A026-5D6A09DCB72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "33C325D9-CB88-430F-B1AE-3544C7176398", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service (CPU or memory consumption) via unspecified vectors related to the Devel::StackTrace module for Perl." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Best Practical Solutions RT 3.0.0 hasta 3.6.6 permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (agotamiento de CPU o memoria) a trav\u00e9s de vectores no especificados relacionados con el m\u00f3dulo Devel::StackTrace de Perl." 
} ], "id": "CVE-2008-3502", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-08-06T18:41:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2008-June/000158.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30830" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29925" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43337" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2008-June/000158.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30830" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29925" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43337" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-08-23 16:55
Modified
2025-04-11 00:51
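Severity
4.3 (MEDIUM) — CVSS v2.0, AV:N/AC:M/Au:N/C:N/I:P/A:N (NVD primary score, taken from the record below)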
Summary
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment.
References
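Impacted products
Note: the CPE match list below marks RT 3.8.0 through 3.8.2 (including their preflight and rc builds) as vulnerable, while the summary gives the 3.8.x range as 3.8.3 through 3.8.16. Tools that match on CPE will therefore flag a wider range than the description states; confirm the affected versions against the vendor announcements listed in the references.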
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:preflight1:*:*:*:*:*:*", "matchCriteriaId": "34A06E8A-1591-4ED9-AE0D-4A95E3327FB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EA620414-F78C-49C2-AC29-7CCCCC15B4D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A12FC95C-F9A7-4E47-AC07-F680D4436156", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D6101EAE-CB0E-4AB2-BCDC-9B4354422940", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:preflight0:*:*:*:*:*:*", "matchCriteriaId": "54941FC4-7DD6-4F6D-AA14-296045D55C44", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "46059518-DCCB-410A-B7FD-FAF5F9DF9498", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CB1FAAF6-4403-4A45-B0D8-F9E4752C0CBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "A6E90C9D-CCEF-47CE-BED1-16BF37927998", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "13410E37-9A6A-4A33-BB97-6B4D96AA11FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "02949074-A703-4F6E-BBA7-B79021A1377E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C440174-183B-423B-8E85-37E78EB43A91", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "4CED5D54-C62B-4543-9C36-D76489EA3CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0B9A9DF7-8700-4CD4-9DAA-5368066F17A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "AC116B6E-F6A7-4885-B592-635EE06B6E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "9635AFA4-24E6-4893-8B4B-57FE811A758D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "546F1582-B85F-4D4F-840C-6257F1DE05E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "D8DB6F17-FF2F-4DCA-A8D1-C3E0D42ACCAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "32BE1C0B-D379-4A51-8188-B660730539AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "DDD10111-15EC-4749-BC02-97979FFFA370", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "E2E768F1-80EA-4016-837E-9B92A3954F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "82B26A8A-701E-4144-BE4A-E7C886C2E7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "2C19BF7A-B957-422B-8B93-DB1B986979AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C35364B8-6BB7-439D-9450-08FB11639E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "0A205895-B227-49C0-879A-72FB0BDA8A6F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "B5E26C51-9F68-4A2E-9B91-CD90C91E1791", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "C4581C2F-8573-41DD-8730-864D66053BE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "5822BA44-EF00-43AD-80AF-5AF8719E0C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "4DC9BA2D-948D-42DE-A0AF-35BE5BE5F941", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.15:*:*:*:*:*:*:*", "matchCriteriaId": "AE10624B-CEC3-4851-8C40-04DEDB17A4A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.16:*:*:*:*:*:*:*", "matchCriteriaId": "4FE28E11-DE45-44AF-929A-A0F48D14FBE8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F84987A7-103B-4473-9D4F-9F28880F6D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "5C89298A-DA7A-4DDD-A420-5B5BC0ABAF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "60F0CE6D-3DFA-4432-9615-78718C1D5583", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "F478B6AB-8B47-46A2-BEA7-9FF24F4A7026", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "A7CA2655-8B75-4DFF-9B30-1B9839B87D9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A65F27F5-D134-4B94-BF93-CE32065B75B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9D976231-5D79-4C48-BFFA-39E3E7FE35A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "F35ABA0F-6072-433E-AAA5-3B0BB219B404", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1D6E744-5181-4E94-8B9B-3CA83648C7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "886BD643-B430-4E7A-BC33-50A1B01515D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "8C469BBE-00A5-4B19-91E4-5C5DF3210BA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5315BD2E-AE5F-49F9-8451-0D2D64CE56B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "087B001A-78B6-46EB-8623-D8C680243867", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"E39EBCE5-FB2E-475E-9EF4-263416315A34", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5467F5A9-7FFE-4ED6-90A4-490D886B6F01", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "252B0169-58A5-4AF4-BB71-08D0A874B616", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "A67F3E23-4345-449E-83C6-219A08412A09", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "BAFB3374-D0EA-4962-B2B6-4B7A336F874F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "20972E11-0401-4DA2-94D5-2A35F5E1AA95", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "E81D1019-C2A1-47CA-B3C9-D208BFDE1391", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "45AD36C4-069B-4A2F-ACAE-E2EF7BC1CA4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "15112BC0-8C03-4417-A0EB-123C326E6F34", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "685B747F-6C34-4D76-B1A3-652EF2480D5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "A8E6D6E2-13A1-4AF9-B1A2-414588CCBD35", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment." 
}, { "lang": "es", "value": "Vulnerabilidad Cross-site scripting (XSS) en Request Tracker (RT) v3.8.3 hasta v3.8.16 y v4.0.x anterior a v4.0.13 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del nombre de archivo de datos adjuntos." } ], "id": "CVE-2013-3371", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-08-23T16:55:07.260", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53505" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53522" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2012/dsa-2670" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/93608" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/53522" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/93608" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-11-11 13:00
Modified
2025-04-11 00:51
Severity ?
Summary
Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:preflight1:*:*:*:*:*:*", "matchCriteriaId": "34A06E8A-1591-4ED9-AE0D-4A95E3327FB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EA620414-F78C-49C2-AC29-7CCCCC15B4D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A12FC95C-F9A7-4E47-AC07-F680D4436156", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D6101EAE-CB0E-4AB2-BCDC-9B4354422940", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:preflight0:*:*:*:*:*:*", "matchCriteriaId": "54941FC4-7DD6-4F6D-AA14-296045D55C44", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "46059518-DCCB-410A-B7FD-FAF5F9DF9498", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CB1FAAF6-4403-4A45-B0D8-F9E4752C0CBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "A6E90C9D-CCEF-47CE-BED1-16BF37927998", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "13410E37-9A6A-4A33-BB97-6B4D96AA11FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "02949074-A703-4F6E-BBA7-B79021A1377E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9C440174-183B-423B-8E85-37E78EB43A91", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "4CED5D54-C62B-4543-9C36-D76489EA3CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "0B9A9DF7-8700-4CD4-9DAA-5368066F17A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "AC116B6E-F6A7-4885-B592-635EE06B6E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "9635AFA4-24E6-4893-8B4B-57FE811A758D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "546F1582-B85F-4D4F-840C-6257F1DE05E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "D8DB6F17-FF2F-4DCA-A8D1-C3E0D42ACCAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "32BE1C0B-D379-4A51-8188-B660730539AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "DDD10111-15EC-4749-BC02-97979FFFA370", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "E2E768F1-80EA-4016-837E-9B92A3954F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "82B26A8A-701E-4144-BE4A-E7C886C2E7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "2C19BF7A-B957-422B-8B93-DB1B986979AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "C35364B8-6BB7-439D-9450-08FB11639E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "0A205895-B227-49C0-879A-72FB0BDA8A6F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.8.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "B5E26C51-9F68-4A2E-9B91-CD90C91E1791", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "C4581C2F-8573-41DD-8730-864D66053BE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "5822BA44-EF00-43AD-80AF-5AF8719E0C3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "4DC9BA2D-948D-42DE-A0AF-35BE5BE5F941", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F84987A7-103B-4473-9D4F-9F28880F6D9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E220C7C-D32C-4ED1-A056-074576B7B504", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "57A903C6-3C9F-47A0-92F7-D5272B2622AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "67EBD0AE-1A91-4690-8A07-0FB7342768FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "A1217A3C-2302-4E3B-BF35-4B16271A6FF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "A72E5649-26E5-47DE-9CB4-019FEC8AF13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "51E06E3C-4504-4325-BD89-9102315858C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "8A1286FE-DB7C-48B1-82A9-A23C82984A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "5C89298A-DA7A-4DDD-A420-5B5BC0ABAF7E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "60F0CE6D-3DFA-4432-9615-78718C1D5583", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "F478B6AB-8B47-46A2-BEA7-9FF24F4A7026", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "A7CA2655-8B75-4DFF-9B30-1B9839B87D9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A65F27F5-D134-4B94-BF93-CE32065B75B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9D976231-5D79-4C48-BFFA-39E3E7FE35A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "F35ABA0F-6072-433E-AAA5-3B0BB219B404", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E1D6E744-5181-4E94-8B9B-3CA83648C7A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "886BD643-B430-4E7A-BC33-50A1B01515D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "8C469BBE-00A5-4B19-91E4-5C5DF3210BA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5315BD2E-AE5F-49F9-8451-0D2D64CE56B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "087B001A-78B6-46EB-8623-D8C680243867", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "E39EBCE5-FB2E-475E-9EF4-263416315A34", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "5467F5A9-7FFE-4ED6-90A4-490D886B6F01", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"252B0169-58A5-4AF4-BB71-08D0A874B616", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "A67F3E23-4345-449E-83C6-219A08412A09", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "20972E11-0401-4DA2-94D5-2A35F5E1AA95", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:4.0.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "E81D1019-C2A1-47CA-B3C9-D208BFDE1391", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de argumentos en Request Tracker (RT) v3.8.x antes de v3.8.15 y 4.0.x antes de v4.0.8, permite a atacantes remotos crear archivos de su elecci\u00f3n a trav\u00e9s de vectores no especificados relacionados con el cliente GnuPG." 
} ], "id": "CVE-2012-4884", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-11-11T13:00:59.557", "references": [ { "source": "cve@mitre.org", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2012/dsa-2567" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2567" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-02-28 16:00
Modified
2025-04-11 00:51
Summary
Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:*:rc3:*:*:*:*:*:*", "matchCriteriaId": "A1369FE3-D1CC-4A6B-9D5B-796B1BAFE1AF", "versionEndIncluding": "3.8.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "798C7256-C8A7-46EA-BE0C-685620CF78AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC812A18-628E-4EFA-95C7-010694423894", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "05EFCBF0-4447-4457-92B9-587A28C2D8E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0E9A6E50-5666-48BF-8FD7-2668D8AD7344", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "915FBC54-78F1-43AC-8394-AA25BC9F88F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6F083E35-4189-45E9-A1A1-9062C88ED144", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "D6C9869E-5949-4C1E-AED7-3A8FB3C133F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FC2090D7-2796-44E9-8330-CE874E9514E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B558A64D-2E06-416C-85F5-AAFFD18096D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3A24FF7-A1B0-4998-A0F8-6E5D70901299", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F01659AA-9146-4238-9FEE-70D345D31094", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0EA74674-D04E-4458-ADF0-C733E9592B05", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8F4ACD97-35AD-4E23-83FC-E39016936EFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF589DDB-4348-4A55-9468-DBB5F03C82F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C59D941-22C2-41A7-B9BA-4CBDA3E71F5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DB507C08-D3CC-4AC8-9BAC-EED9FD09E1D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A50288EA-2628-47D7-9F25-EE514B9083F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "91868A78-C6C7-4C03-95B3-755816F8C663", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4B4383B-20C5-4620-8107-255AD3D45D2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "09A128B7-AA70-49DD-A20E-B9BB7D23A4EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "88EFA7E0-C472-4E93-8E38-98DFCCD37EEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "6E6381E7-1C01-4239-A02F-C6DB5D775F7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "4120F4E4-E4EB-434C-9764-370102198554", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E1CA0866-CC49-4956-9493-849069B4485B", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "565B7E66-BD96-419A-8EC2-FE971BDC47A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": 
"FAC1443B-50C8-4E98-9900-CACFEA5AD00D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F451959A-5305-4210-977B-6B396BC0A4F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA418CF5-49D6-4E0E-A1B5-8CB23752989D", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8E238F87-8D8C-4E62-A8F0-3DB9EFDB8328", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3FD8A7EF-5DB8-40C6-9124-A97A23B3EA02", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2AD553B8-8495-47E5-A543-4DC963B3511A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "28ADB191-4787-4FDB-B70A-F4C8BDF0F4B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "2772389A-9BCD-4B13-88C8-75BC64E40AF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B1F9D05F-C86D-40D8-A7D9-5448918B72DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "311485DA-5381-4EAD-AF58-B8C67373413A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "2EAF6671-8C77-448B-BF29-E2CF51176CC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B55D762D-A723-435C-8D80-F7230F1648D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "4CC63EDC-541E-445D-8B72-799E4184B7EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "D5E6196E-4A90-4F64-BA99-A8E04A09D5ED", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:bestpractical:rt:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "91D7CE86-3FCD-472E-BF01-31FFB36701BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "70B3F0B2-8C70-4046-AAA0-FBD344FE4DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCD0173D-F699-4864-8856-D1792BDA0F84", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "19CC2E53-5DE8-4A31-9B8A-79335DFBAFEF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "404AFC5C-20B4-41E5-ACDE-56626D68AFEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F37D1380-965B-40E0-8A20-61FEA072B8D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E101B0FE-499F-44D8-8B68-BB7FEE40D2B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "747D8CD1-EE12-48A4-A795-88BC66A8DA33", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE201D-F31A-4738-B9AB-7BB11417990E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6ED4EC-F860-47BD-B699-551FB5DBF039", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "E3398823-1813-4D7B-9EC9-74222A240051", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "F98B7895-BDB3-477C-8B34-88BD3E02EAFF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1512169D-DCEF-4964-B05A-3DF19CDE8F57", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B427F5D4-ACD6-46E5-B94F-CA30330C6492", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9B38C33-D680-4285-A849-E6CDA9F4802F", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "646CFD82-15FE-48E4-83C9-E3E037E9F928", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "57404A14-6E1C-4F3B-8120-75F1073A3E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F40ED56-CDAC-40BB-A026-5D6A09DCB72C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "33C325D9-CB88-430F-B1AE-3544C7176398", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1E86D15-8435-46B9-88FF-8A51771C55E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "543C8E63-9A49-4D6A-899A-7D244D0CCC17", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "00AFB893-E37A-4E81-A984-66D677161D80", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout." 
}, { "lang": "es", "value": "Best Practical Solutions RT anterior a v3.8.9 no desarrolla ciertas redirecciones en el login, lo que permite a atacantes pr\u00f3ximos f\u00edsicamente obtener credenciales reenviando el formulario de registro a trav\u00e9s del bot\u00f3n back en un buscador web en una m\u00e1quina de trabajo no atendidad despu\u00e9s de un cierre de sesi\u00f3n RT." } ], "id": "CVE-2011-1007", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-02-28T16:00:01.603", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614575" }, { "source": "secalert@redhat.com", "url": "http://issues.bestpractical.com/Ticket/Display.html?id=15804" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/02/22/12" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/02/22/16" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/02/22/6" }, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/02/23/22" }, { "source": "secalert@redhat.com", "url": 
"http://openwall.com/lists/oss-security/2011/02/24/7" }, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/02/24/8" }, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/02/24/9" }, { "source": "secalert@redhat.com", "url": "http://osvdb.org/71012" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43438" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0475" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65771" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://github.com/bestpractical/rt/commit/057552287159e801535e59b8fbd5bd98d1322069" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://github.com/bestpractical/rt/commit/917c211820590950f7eb0521f7f43b31aeed44c4" }, { "source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614575" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://issues.bestpractical.com/Ticket/Display.html?id=15804" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/02/22/12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/02/22/16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/02/22/6" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/02/23/22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/02/24/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/02/24/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/02/24/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/71012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43438" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0475" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65771" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/bestpractical/rt/commit/057552287159e801535e59b8fbd5bd98d1322069" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/bestpractical/rt/commit/917c211820590950f7eb0521f7f43b31aeed44c4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2025-30087 (GCVE-0-2025-30087)
Vulnerability from cvelistv5
Published
2025-05-28 00:00
Modified
2025-05-28 18:00
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.
References
Impacted products
Vendor | Product | Version
---|---|---
bestpractical | RT | 4.4.0 ≤ version < 4.4.8; 5.0.0 ≤ version < 5.0.8
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-30087", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-28T18:00:11.113721Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-28T18:00:16.350Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "RT", "vendor": "bestpractical", "versions": [ { "lessThan": "4.4.8", "status": "affected", "version": "4.4.0", "versionType": "semver" }, { "lessThan": "5.0.8", "status": "affected", "version": "5.0.0", "versionType": "semver" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.4.8", "versionStartIncluding": "4.4.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:bestpractical:rt:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.0.8", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL." 
} ], "metrics": [ { "cvssV3_1": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-28T17:53:01.345Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "url": "https://docs.bestpractical.com/release-notes/rt/5.0.8" }, { "url": "https://docs.bestpractical.com/release-notes/rt/4.4.8" } ], "x_generator": { "engine": "enrichogram 0.0.1" } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2025-30087", "datePublished": "2025-05-28T00:00:00.000Z", "dateReserved": "2025-03-16T00:00:00.000Z", "dateUpdated": "2025-05-28T18:00:16.350Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1689 (GCVE-0-2011-1689)
Vulnerability from cvelistv5
Published
2011-04-22 10:00
Modified
2024-08-06 22:37
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
URL | Tags
---|---
http://www.vupen.com/english/advisories/2011/1071 | vdb-entry, x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/66796 | vdb-entry, x_refsource_XF
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html | mailing-list, x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=696795 | x_refsource_CONFIRM
http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html | x_refsource_CONFIRM
http://www.securityfocus.com/bid/47383 | vdb-entry, x_refsource_BID
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html | mailing-list, x_refsource_MLIST
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html | mailing-list, x_refsource_MLIST
http://www.debian.org/security/2011/dsa-2220 | vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/44189 | third-party-advisory, x_refsource_SECUNIA
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:37:25.615Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2011-1071", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "name": "rt-unspec-xss(66796)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66796" }, { "name": "[rt-announce] 20110414 RT 3.8.10 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "name": "47383", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47383" }, { "name": "[rt-announce] 20110414 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "name": "[rt-announce] 20110414 RT 3.6.11 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" }, { "name": "DSA-2220", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2220" }, { "name": "44189", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44189" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", 
"version": "n/a" } ] } ], "datePublic": "2011-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2011-1071", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "name": "rt-unspec-xss(66796)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66796" }, { "name": "[rt-announce] 20110414 RT 3.8.10 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "name": "47383", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47383" }, { "name": "[rt-announce] 20110414 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "name": "[rt-announce] 20110414 RT 3.6.11 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" }, { "name": "DSA-2220", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2220" }, { "name": 
"44189", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44189" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1689", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2011-1071", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "name": "rt-unspec-xss(66796)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66796" }, { "name": "[rt-announce] 20110414 RT 3.8.10 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=696795", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "name": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html", "refsource": "CONFIRM", "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "name": "47383", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47383" }, { "name": "[rt-announce] 20110414 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "name": 
"[rt-announce] 20110414 RT 3.6.11 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" }, { "name": "DSA-2220", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2220" }, { "name": "44189", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44189" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1689", "datePublished": "2011-04-22T10:00:00", "dateReserved": "2011-04-13T00:00:00", "dateUpdated": "2024-08-06T22:37:25.615Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-2082 (GCVE-0-2011-2082)
Vulnerability from cvelistv5
Published
2012-06-04 19:00
Modified
2024-08-06 22:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords after accounts are re-enabled, via a brute-force attack on the database. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0009.
References
| URL | Tags |
|---|---|
| http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html | mailing-list, x_refsource_MLIST |
| http://secunia.com/advisories/49259 | third-party-advisory, x_refsource_SECUNIA |
| http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html | mailing-list, x_refsource_MLIST |
| http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html | mailing-list, x_refsource_MLIST |
| http://www.securityfocus.com/bid/53660 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:46:01.129Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "49259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49259" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "name": "53660", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53660" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords after accounts are re-enabled, via a brute-force attack on the database. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0009." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-09-29T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "49259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49259" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "name": "53660", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53660" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-2082", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords after accounts are re-enabled, via a brute-force attack on the database. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0009." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "49259", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49259" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "name": "53660", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53660" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-2082", "datePublished": "2012-06-04T19:00:00", "dateReserved": "2011-05-13T00:00:00", "dateUpdated": "2024-08-06T22:46:01.129Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-3368 (GCVE-0-2013-3368)
Vulnerability from cvelistv5
Published
2013-08-23 16:00
Modified
2024-09-17 00:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name.
References
| URL | Tags |
|---|---|
| http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html | mailing-list, x_refsource_MLIST |
| http://www.osvdb.org/93612 | vdb-entry, x_refsource_OSVDB |
| http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html | mailing-list, x_refsource_MLIST |
| http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html | mailing-list, x_refsource_MLIST |
| http://secunia.com/advisories/53505 | third-party-advisory, x_refsource_SECUNIA |
| http://www.debian.org/security/2012/dsa-2670 | vendor-advisory, x_refsource_DEBIAN |
| http://secunia.com/advisories/53522 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:07:37.690Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20130522 RT 3.8.17 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "name": "93612", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/93612" }, { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "53505", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53505" }, { "name": "DSA-2670", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2670" }, { "name": "53522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53522" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-08-23T16:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20130522 RT 3.8.17 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "name": "93612", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/93612" }, { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "53505", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53505" }, { "name": "DSA-2670", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2670" }, { "name": "53522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53522" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3368", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20130522 RT 3.8.17 released", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "name": "93612", "refsource": "OSVDB", "url": "http://www.osvdb.org/93612" }, { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "53505", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53505" }, { "name": "DSA-2670", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2670" }, { "name": "53522", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53522" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3368", "datePublished": "2013-08-23T16:00:00Z", "dateReserved": "2013-05-06T00:00:00Z", "dateUpdated": "2024-09-17T00:55:59.676Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-5093 (GCVE-0-2011-5093)
Vulnerability from cvelistv5
Published
2012-06-04 19:00
Modified
2024-09-16 23:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerability than CVE-2011-4458 and CVE-2011-5092.
References
| URL | Tags |
|---|---|
| http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html | mailing-list, x_refsource_MLIST |
| http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html | mailing-list, x_refsource_MLIST |
| http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:23:40.198Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerability than CVE-2011-4458 and CVE-2011-5092." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-06-04T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-5093", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerability than CVE-2011-4458 and CVE-2011-5092." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-5093", "datePublished": "2012-06-04T19:00:00Z", "dateReserved": "2012-06-04T00:00:00Z", "dateUpdated": "2024-09-16T23:46:51.144Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-3369 (GCVE-0-2013-3369)
Vulnerability from cvelistv5
Published
2013-08-23 16:00
Modified
2024-09-17 00:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html | mailing-list, x_refsource_MLIST |
| http://www.osvdb.org/93610 | vdb-entry, x_refsource_OSVDB |
| http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html | mailing-list, x_refsource_MLIST |
| http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html | mailing-list, x_refsource_MLIST |
| http://secunia.com/advisories/53505 | third-party-advisory, x_refsource_SECUNIA |
| http://www.debian.org/security/2012/dsa-2670 | vendor-advisory, x_refsource_DEBIAN |
| http://secunia.com/advisories/53522 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:07:37.523Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20130522 RT 3.8.17 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "name": "93610", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/93610" }, { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "53505", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53505" }, { "name": "DSA-2670", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2670" }, { "name": "53522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53522" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-08-23T16:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20130522 RT 3.8.17 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "name": "93610", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/93610" }, { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "53505", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53505" }, { "name": "DSA-2670", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2670" }, { "name": "53522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53522" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3369", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20130522 RT 3.8.17 released", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "name": "93610", "refsource": "OSVDB", "url": "http://www.osvdb.org/93610" }, { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "53505", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53505" }, { "name": "DSA-2670", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2670" }, { "name": "53522", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53522" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3369", "datePublished": "2013-08-23T16:00:00Z", "dateReserved": "2013-05-06T00:00:00Z", "dateUpdated": "2024-09-17T00:31:06.084Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-3585 (GCVE-0-2009-3585)
Vulnerability from cvelistv5
Published
2009-12-02 16:00
Modified
2024-08-07 06:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same domain.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:31:10.609Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20091130 SECURITY - RT 3.6.10 Released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000177.html" }, { "name": "FEDORA-2009-12783", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00761.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bestpractical.typepad.com/files/rt-3.6.2-3.6.3-session_fixation.v3.patch" }, { "name": "37546", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37546" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bestpractical.typepad.com/files/rt-3.6.4-3.6.9-session_fixation.v2.patch" }, { "name": "rt-unspecified-session-hijacking(54472)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54472" }, { "name": "[rt-announce] 20091130 SECURITY - Session Fixation Vulnerability in RT 3.0.0-3.8.5", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000176.html" }, { "name": "FEDORA-2009-12817", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00794.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bestpractical.typepad.com/files/rt-3.0.0-session_fixation.v3.patch" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bestpractical.typepad.com/files/rt-3.0.1-3.0.6-session_fixation.v3.patch" }, { "name": "37728", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37728" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bestpractical.typepad.com/files/rt-3.0.7-3.6.1-session_fixation.v3.patch" }, { "name": "FEDORA-2009-12827", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00832.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.bestpractical.com/2009/11/session-fixation-vulnerability.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bestpractical.typepad.com/files/rt-3.8-session_fixation.patch" }, { "name": "37162", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37162" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-11-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same domain." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20091130 SECURITY - RT 3.6.10 Released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000177.html" }, { "name": "FEDORA-2009-12783", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00761.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bestpractical.typepad.com/files/rt-3.6.2-3.6.3-session_fixation.v3.patch" }, { "name": "37546", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37546" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bestpractical.typepad.com/files/rt-3.6.4-3.6.9-session_fixation.v2.patch" }, { "name": "rt-unspecified-session-hijacking(54472)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54472" }, { "name": "[rt-announce] 20091130 SECURITY - Session Fixation Vulnerability in RT 3.0.0-3.8.5", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000176.html" }, { "name": "FEDORA-2009-12817", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00794.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bestpractical.typepad.com/files/rt-3.0.0-session_fixation.v3.patch" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bestpractical.typepad.com/files/rt-3.0.1-3.0.6-session_fixation.v3.patch" }, { "name": "37728", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37728" }, { "tags": [ 
"x_refsource_CONFIRM" ], "url": "http://bestpractical.typepad.com/files/rt-3.0.7-3.6.1-session_fixation.v3.patch" }, { "name": "FEDORA-2009-12827", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00832.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.bestpractical.com/2009/11/session-fixation-vulnerability.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bestpractical.typepad.com/files/rt-3.8-session_fixation.patch" }, { "name": "37162", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37162" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3585", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same domain." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20091130 SECURITY - RT 3.6.10 Released", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000177.html" }, { "name": "FEDORA-2009-12783", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00761.html" }, { "name": "http://bestpractical.typepad.com/files/rt-3.6.2-3.6.3-session_fixation.v3.patch", "refsource": "CONFIRM", "url": "http://bestpractical.typepad.com/files/rt-3.6.2-3.6.3-session_fixation.v3.patch" }, { "name": "37546", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37546" }, { "name": "http://bestpractical.typepad.com/files/rt-3.6.4-3.6.9-session_fixation.v2.patch", "refsource": "CONFIRM", "url": "http://bestpractical.typepad.com/files/rt-3.6.4-3.6.9-session_fixation.v2.patch" }, { "name": "rt-unspecified-session-hijacking(54472)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54472" }, { "name": "[rt-announce] 20091130 SECURITY - Session Fixation Vulnerability in RT 3.0.0-3.8.5", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000176.html" }, { "name": "FEDORA-2009-12817", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00794.html" }, { "name": "http://bestpractical.typepad.com/files/rt-3.0.0-session_fixation.v3.patch", "refsource": "CONFIRM", "url": "http://bestpractical.typepad.com/files/rt-3.0.0-session_fixation.v3.patch" }, { "name": "http://bestpractical.typepad.com/files/rt-3.0.1-3.0.6-session_fixation.v3.patch", "refsource": "CONFIRM", "url": "http://bestpractical.typepad.com/files/rt-3.0.1-3.0.6-session_fixation.v3.patch" }, { "name": "37728", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37728" }, { "name": 
"http://bestpractical.typepad.com/files/rt-3.0.7-3.6.1-session_fixation.v3.patch", "refsource": "CONFIRM", "url": "http://bestpractical.typepad.com/files/rt-3.0.7-3.6.1-session_fixation.v3.patch" }, { "name": "FEDORA-2009-12827", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00832.html" }, { "name": "http://blog.bestpractical.com/2009/11/session-fixation-vulnerability.html", "refsource": "CONFIRM", "url": "http://blog.bestpractical.com/2009/11/session-fixation-vulnerability.html" }, { "name": "http://bestpractical.typepad.com/files/rt-3.8-session_fixation.patch", "refsource": "CONFIRM", "url": "http://bestpractical.typepad.com/files/rt-3.8-session_fixation.patch" }, { "name": "37162", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37162" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3585", "datePublished": "2009-12-02T16:00:00", "dateReserved": "2009-10-07T00:00:00", "dateUpdated": "2024-08-07T06:31:10.609Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4459 (GCVE-0-2011-4459)
Vulnerability from cvelistv5
Published
2012-06-04 19:00
Modified
2024-08-07 00:09
CWE
- n/a
Summary
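Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a group membership. Note: the CNA record below lists the affected vendor, product and version as "n/a", so the fixed versions (3.8.12 and 4.0.6) appear only in this description and not in a structured field.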
References
| URL | Tags |
|---|---|
| http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html | mailing-list, x_refsource_MLIST |
| http://secunia.com/advisories/49259 | third-party-advisory, x_refsource_SECUNIA |
| http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html | mailing-list, x_refsource_MLIST |
| http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html | mailing-list, x_refsource_MLIST |
| http://www.securityfocus.com/bid/53660 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:09:18.484Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "49259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49259" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "name": "53660", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53660" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a group membership." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-09-29T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "49259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49259" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "name": "53660", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53660" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4459", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a group membership." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "49259", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49259" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "name": "53660", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53660" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-4459", "datePublished": "2012-06-04T19:00:00", "dateReserved": "2011-11-16T00:00:00", "dateUpdated": "2024-08-07T00:09:18.484Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4151 (GCVE-0-2009-4151)
Vulnerability from cvelistv5
Published
2009-12-02 16:00
Modified
2024-08-07 06:54
CWE
- n/a
Summary
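Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages "HTTP access to the RT server," a related issue to CVE-2009-3585. Note: this record and CVE-2009-3585 list the same vendor patches and advisories in their references, which suggests that one remediation covers both identifiers; confirm this against the vendor announcement.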
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:54:09.579Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20091130 SECURITY - RT 3.6.10 Released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000177.html" }, { "name": "FEDORA-2009-12783", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00761.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bestpractical.typepad.com/files/rt-3.6.2-3.6.3-session_fixation.v3.patch" }, { "name": "37546", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37546" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bestpractical.typepad.com/files/rt-3.6.4-3.6.9-session_fixation.v2.patch" }, { "name": "rt-unspecified-session-hijacking(54472)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54472" }, { "name": "[rt-announce] 20091130 SECURITY - Session Fixation Vulnerability in RT 3.0.0-3.8.5", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000176.html" }, { "name": "FEDORA-2009-12817", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00794.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bestpractical.typepad.com/files/rt-3.0.0-session_fixation.v3.patch" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bestpractical.typepad.com/files/rt-3.0.1-3.0.6-session_fixation.v3.patch" }, { "name": "37728", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37728" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bestpractical.typepad.com/files/rt-3.0.7-3.6.1-session_fixation.v3.patch" }, { "name": "FEDORA-2009-12827", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00832.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.bestpractical.com/2009/11/session-fixation-vulnerability.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bestpractical.typepad.com/files/rt-3.8-session_fixation.patch" }, { "name": "37162", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37162" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-11-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages \"HTTP access to the RT server,\" a related issue to CVE-2009-3585." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20091130 SECURITY - RT 3.6.10 Released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000177.html" }, { "name": "FEDORA-2009-12783", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00761.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bestpractical.typepad.com/files/rt-3.6.2-3.6.3-session_fixation.v3.patch" }, { "name": "37546", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37546" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bestpractical.typepad.com/files/rt-3.6.4-3.6.9-session_fixation.v2.patch" }, { "name": "rt-unspecified-session-hijacking(54472)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54472" }, { "name": "[rt-announce] 20091130 SECURITY - Session Fixation Vulnerability in RT 3.0.0-3.8.5", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000176.html" }, { "name": "FEDORA-2009-12817", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00794.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bestpractical.typepad.com/files/rt-3.0.0-session_fixation.v3.patch" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bestpractical.typepad.com/files/rt-3.0.1-3.0.6-session_fixation.v3.patch" }, { "name": "37728", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37728" }, { "tags": [ 
"x_refsource_CONFIRM" ], "url": "http://bestpractical.typepad.com/files/rt-3.0.7-3.6.1-session_fixation.v3.patch" }, { "name": "FEDORA-2009-12827", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00832.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.bestpractical.com/2009/11/session-fixation-vulnerability.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bestpractical.typepad.com/files/rt-3.8-session_fixation.patch" }, { "name": "37162", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37162" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4151", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages \"HTTP access to the RT server,\" a related issue to CVE-2009-3585." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20091130 SECURITY - RT 3.6.10 Released", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000177.html" }, { "name": "FEDORA-2009-12783", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00761.html" }, { "name": "http://bestpractical.typepad.com/files/rt-3.6.2-3.6.3-session_fixation.v3.patch", "refsource": "CONFIRM", "url": "http://bestpractical.typepad.com/files/rt-3.6.2-3.6.3-session_fixation.v3.patch" }, { "name": "37546", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37546" }, { "name": "http://bestpractical.typepad.com/files/rt-3.6.4-3.6.9-session_fixation.v2.patch", "refsource": "CONFIRM", "url": "http://bestpractical.typepad.com/files/rt-3.6.4-3.6.9-session_fixation.v2.patch" }, { "name": "rt-unspecified-session-hijacking(54472)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54472" }, { "name": "[rt-announce] 20091130 SECURITY - Session Fixation Vulnerability in RT 3.0.0-3.8.5", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000176.html" }, { "name": "FEDORA-2009-12817", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00794.html" }, { "name": "http://bestpractical.typepad.com/files/rt-3.0.0-session_fixation.v3.patch", "refsource": "CONFIRM", "url": "http://bestpractical.typepad.com/files/rt-3.0.0-session_fixation.v3.patch" }, { "name": "http://bestpractical.typepad.com/files/rt-3.0.1-3.0.6-session_fixation.v3.patch", "refsource": "CONFIRM", "url": "http://bestpractical.typepad.com/files/rt-3.0.1-3.0.6-session_fixation.v3.patch" }, { "name": "37728", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37728" }, { "name": 
"http://bestpractical.typepad.com/files/rt-3.0.7-3.6.1-session_fixation.v3.patch", "refsource": "CONFIRM", "url": "http://bestpractical.typepad.com/files/rt-3.0.7-3.6.1-session_fixation.v3.patch" }, { "name": "FEDORA-2009-12827", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00832.html" }, { "name": "http://blog.bestpractical.com/2009/11/session-fixation-vulnerability.html", "refsource": "CONFIRM", "url": "http://blog.bestpractical.com/2009/11/session-fixation-vulnerability.html" }, { "name": "http://bestpractical.typepad.com/files/rt-3.8-session_fixation.patch", "refsource": "CONFIRM", "url": "http://bestpractical.typepad.com/files/rt-3.8-session_fixation.patch" }, { "name": "37162", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37162" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4151", "datePublished": "2009-12-02T16:00:00", "dateReserved": "2009-12-02T00:00:00", "dateUpdated": "2024-08-07T06:54:09.579Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-4730 (GCVE-0-2012-4730)
Vulnerability from cvelistv5
Published
2012-11-11 11:00
Modified
2024-09-16 23:56
CWE
- n/a
Summary
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors.
References
| URL | Tags |
|---|---|
| http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:42:55.120Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20121025 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-11-11T11:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20121025 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4730", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive 
information via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20121025 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-4730", "datePublished": "2012-11-11T11:00:00Z", "dateReserved": "2012-08-29T00:00:00Z", "dateUpdated": "2024-09-16T23:56:34.248Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-4733 (GCVE-0-2012-4733)
Vulnerability from cvelistv5
Published
2013-08-23 16:00
Modified
2024-09-16 20:36
CWE
- n/a
Summary
Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permissions, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html | mailing-list, x_refsource_MLIST |
| http://www.osvdb.org/93611 | vdb-entry, x_refsource_OSVDB |
| http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html | mailing-list, x_refsource_MLIST |
| http://secunia.com/advisories/53522 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:42:55.148Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "93611", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/93611" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "53522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53522" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and \"custom lifecycle transition\" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-08-23T16:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "93611", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/93611" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "53522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53522" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4733", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and \"custom lifecycle transition\" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "93611", "refsource": "OSVDB", "url": "http://www.osvdb.org/93611" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "53522", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53522" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-4733", "datePublished": "2013-08-23T16:00:00Z", "dateReserved": "2012-08-29T00:00:00Z", "dateUpdated": "2024-09-16T20:36:33.682Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-3502 (GCVE-0-2008-3502)
Vulnerability from cvelistv5
Published
2008-08-06 18:00
Modified
2024-08-07 09:45
CWE
- n/a
Summary
Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service (CPU or memory consumption) via unspecified vectors related to the Devel::StackTrace module for Perl.
References
URL | Tags | |
---|---|---|
http://lists.bestpractical.com/pipermail/rt-announce/2008-June/000158.html | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/29925 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/43337 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/30830 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:45:18.428Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[Rt-announce] 20080623 Security vulnerability in RT 3.0 and up", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2008-June/000158.html" }, { "name": "29925", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29925" }, { "name": "rt-develstacktrace-dos(43337)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43337" }, { "name": "30830", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30830" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-06-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service (CPU or memory consumption) via unspecified vectors related to the Devel::StackTrace module for Perl." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[Rt-announce] 20080623 Security vulnerability in RT 3.0 and up", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2008-June/000158.html" }, { "name": "29925", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29925" }, { "name": "rt-develstacktrace-dos(43337)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43337" }, { "name": "30830", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30830" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3502", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through 3.6.6 allows remote authenticated users to cause a denial of service (CPU or memory consumption) via unspecified vectors related to the Devel::StackTrace module for Perl." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[Rt-announce] 20080623 Security vulnerability in RT 3.0 and up", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2008-June/000158.html" }, { "name": "29925", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29925" }, { "name": "rt-develstacktrace-dos(43337)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43337" }, { "name": "30830", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30830" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3502", "datePublished": "2008-08-06T18:00:00", "dateReserved": "2008-08-06T00:00:00", "dateUpdated": "2024-08-07T09:45:18.428Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-31500 (GCVE-0-2025-31500)
Vulnerability from cvelistv5
Published
2025-05-28 00:00
Modified
2025-05-28 17:59
Severity: 7.2 (HIGH) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name.
References
Impacted products
Vendor | Product | Version |
---|---|---|
bestpractical | RT | Version: 5.0.0 ≤ version < 5.0.8 (semver) |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-31500", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-28T17:59:42.444191Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-28T17:59:47.499Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "RT", "vendor": "bestpractical", "versions": [ { "lessThan": "5.0.8", "status": "affected", "version": "5.0.0", "versionType": "semver" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.0.8", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name." 
} ], "metrics": [ { "cvssV3_1": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-28T17:45:41.901Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "url": "https://docs.bestpractical.com/release-notes/rt/5.0.8" } ], "x_generator": { "engine": "enrichogram 0.0.1" } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2025-31500", "datePublished": "2025-05-28T00:00:00.000Z", "dateReserved": "2025-03-28T00:00:00.000Z", "dateUpdated": "2025-05-28T17:59:47.499Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1686 (GCVE-0-2011-1686)
Vulnerability from cvelistv5
Published
2011-04-22 10:00
Modified
2024-08-06 22:37
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data.
References
URL | Tags | |
---|---|---|
http://www.vupen.com/english/advisories/2011/1071 | vdb-entry, x_refsource_VUPEN | |
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html | mailing-list, x_refsource_MLIST | |
https://bugzilla.redhat.com/show_bug.cgi?id=696795 | x_refsource_CONFIRM | |
http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/47383 | vdb-entry, x_refsource_BID | |
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html | mailing-list, x_refsource_MLIST | |
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html | mailing-list, x_refsource_MLIST | |
http://www.debian.org/security/2011/dsa-2220 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/44189 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/66792 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:37:25.461Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2011-1071", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "name": "[rt-announce] 20110414 RT 3.8.10 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "name": "47383", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47383" }, { "name": "[rt-announce] 20110414 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "name": "[rt-announce] 20110414 RT 3.6.11 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" }, { "name": "DSA-2220", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2220" }, { "name": "44189", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44189" }, { "name": "rt-unspec-sql-injection(66792)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66792" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": 
"affected", "version": "n/a" } ] } ], "datePublic": "2011-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2011-1071", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "name": "[rt-announce] 20110414 RT 3.8.10 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "name": "47383", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47383" }, { "name": "[rt-announce] 20110414 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "name": "[rt-announce] 20110414 RT 3.6.11 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" }, { "name": "DSA-2220", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2220" }, { "name": "44189", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44189" }, { 
"name": "rt-unspec-sql-injection(66792)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66792" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1686", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2011-1071", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "name": "[rt-announce] 20110414 RT 3.8.10 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=696795", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "name": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html", "refsource": "CONFIRM", "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "name": "47383", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47383" }, { "name": "[rt-announce] 20110414 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "name": "[rt-announce] 20110414 RT 3.6.11 Released - Security Release", 
"refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" }, { "name": "DSA-2220", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2220" }, { "name": "44189", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44189" }, { "name": "rt-unspec-sql-injection(66792)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66792" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1686", "datePublished": "2011-04-22T10:00:00", "dateReserved": "2011-04-13T00:00:00", "dateUpdated": "2024-08-06T22:37:25.461Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1690 (GCVE-0-2011-1690)
Vulnerability from cvelistv5
Published
2011-04-22 10:00
Modified
2024-08-06 22:37
CWE
- n/a
Summary
Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8.8 allows remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors.
References
URL | Tags | |
---|---|---|
http://www.vupen.com/english/advisories/2011/1071 | vdb-entry, x_refsource_VUPEN | |
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html | mailing-list, x_refsource_MLIST | |
https://bugzilla.redhat.com/show_bug.cgi?id=696795 | x_refsource_CONFIRM | |
http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/66794 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/47383 | vdb-entry, x_refsource_BID | |
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html | mailing-list, x_refsource_MLIST | |
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html | mailing-list, x_refsource_MLIST | |
http://www.debian.org/security/2011/dsa-2220 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/44189 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:37:24.571Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2011-1071", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "name": "[rt-announce] 20110414 RT 3.8.10 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "name": "rt-unspecified-sec-bypass(66794)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66794" }, { "name": "47383", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47383" }, { "name": "[rt-announce] 20110414 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "name": "[rt-announce] 20110414 RT 3.6.11 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" }, { "name": "DSA-2220", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2220" }, { "name": "44189", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44189" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": 
"affected", "version": "n/a" } ] } ], "datePublic": "2011-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8.8 allows remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2011-1071", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "name": "[rt-announce] 20110414 RT 3.8.10 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "name": "rt-unspecified-sec-bypass(66794)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66794" }, { "name": "47383", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47383" }, { "name": "[rt-announce] 20110414 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "name": "[rt-announce] 20110414 RT 3.6.11 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" }, { "name": "DSA-2220", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2220" }, { "name": "44189", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44189" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1690", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8.8 allows remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2011-1071", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "name": "[rt-announce] 20110414 RT 3.8.10 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=696795", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "name": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html", "refsource": "CONFIRM", "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "name": "rt-unspecified-sec-bypass(66794)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66794" }, { "name": "47383", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47383" }, { "name": "[rt-announce] 20110414 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "name": "[rt-announce] 20110414 RT 3.6.11 Released - Security Release", 
"refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" }, { "name": "DSA-2220", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2220" }, { "name": "44189", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44189" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1690", "datePublished": "2011-04-22T10:00:00", "dateReserved": "2011-04-13T00:00:00", "dateUpdated": "2024-08-06T22:37:24.571Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-5092 (GCVE-0-2011-5092)
Vulnerability from cvelistv5
Published
2012-06-04 19:00
Modified
2024-09-17 03:02
CWE
- n/a
Summary
Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code and gain privileges via unspecified vectors, a different vulnerability than CVE-2011-4458 and CVE-2011-5093.
References
URL | Tags | |
---|---|---|
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html | mailing-list, x_refsource_MLIST | |
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html | mailing-list, x_refsource_MLIST | |
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:23:39.867Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code and gain privileges via unspecified vectors, a different vulnerability than CVE-2011-4458 and CVE-2011-5093." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-06-04T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-5092", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code and gain privileges via unspecified vectors, a different vulnerability than CVE-2011-4458 and CVE-2011-5093." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-5092", "datePublished": "2012-06-04T19:00:00Z", "dateReserved": "2012-06-04T00:00:00Z", "dateUpdated": "2024-09-17T03:02:30.374Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-3892 (GCVE-0-2009-3892)
Vulnerability from cvelistv5
Published
2009-11-17 18:00
Modified
2024-08-07 06:45
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through 3.8.4 versions allows remote attackers to inject arbitrary web script or HTML via certain Custom Fields.
References
URL | Tags | |
---|---|---|
http://www.openwall.com/lists/oss-security/2009/11/16/4 | mailing-list, x_refsource_MLIST | |
http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000173.html | mailing-list, x_refsource_MLIST | |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546778 | x_refsource_CONFIRM | |
http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000172.html | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2009/11/15/1 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:45:50.610Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20091116 Re: CVE Id request: request-tracker", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/16/4" }, { "name": "[rt-announce] 20090914 RT 3.8.5 Released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000173.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546778" }, { "name": "[rt-announce] 20090914 RT 3.6.9 Released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000172.html" }, { "name": "[oss-security] 20091115 CVE Id request: request-tracker", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/15/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through 3.8.4 versions allows remote attackers to inject arbitrary web script or HTML via certain Custom Fields." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-11-17T18:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20091116 Re: CVE Id request: request-tracker", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/16/4" }, { "name": "[rt-announce] 20090914 RT 3.8.5 Released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000173.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546778" }, { "name": "[rt-announce] 20090914 RT 3.6.9 Released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000172.html" }, { "name": "[oss-security] 20091115 CVE Id request: request-tracker", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/11/15/1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-3892", "datePublished": "2009-11-17T18:00:00Z", "dateReserved": "2009-11-05T00:00:00Z", "dateUpdated": "2024-08-07T06:45:50.610Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-1474 (GCVE-0-2014-1474)
Vulnerability from cvelistv5
Published
2014-07-15 14:00
Modified
2024-08-06 09:42
CWE
- n/a
Summary
Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string without an address.
References
| URL | Tags |
|---|---|
| http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html | x_refsource_CONFIRM |
| https://metacpan.org/changes/release/ALEXMV/Email-Address-List-0.02 | x_refsource_CONFIRM |
| http://lists.bestpractical.com/pipermail/rt-announce/2014-June/000257.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:42:35.491Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://metacpan.org/changes/release/ALEXMV/Email-Address-List-0.02" }, { "name": "[rt-announce] 20140612 RT 4.2.5 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2014-June/000257.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-01-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string without an address." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-07-15T11:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://metacpan.org/changes/release/ALEXMV/Email-Address-List-0.02" }, { "name": "[rt-announce] 20140612 RT 4.2.5 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2014-June/000257.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1474", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string without an address." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html", "refsource": "CONFIRM", "url": "http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html" }, { "name": "https://metacpan.org/changes/release/ALEXMV/Email-Address-List-0.02", "refsource": "CONFIRM", "url": "https://metacpan.org/changes/release/ALEXMV/Email-Address-List-0.02" }, { "name": "[rt-announce] 20140612 RT 4.2.5 released", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2014-June/000257.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-1474", "datePublished": "2014-07-15T14:00:00", "dateReserved": "2014-01-16T00:00:00", "dateUpdated": "2024-08-06T09:42:35.491Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-2083 (GCVE-0-2011-2083)
Vulnerability from cvelistv5
Published
2012-06-04 19:00
Modified
2024-08-06 22:46
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| URL | Tags |
|---|---|
| http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html | mailing-list, x_refsource_MLIST |
| http://secunia.com/advisories/49259 | third-party-advisory, x_refsource_SECUNIA |
| http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html | mailing-list, x_refsource_MLIST |
| http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html | mailing-list, x_refsource_MLIST |
| http://www.securityfocus.com/bid/53660 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:46:00.889Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "49259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49259" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "name": "53660", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53660" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-09-29T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "49259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49259" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "name": "53660", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53660" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-2083", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "49259", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49259" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "name": "53660", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53660" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-2083", "datePublished": "2012-06-04T19:00:00", "dateReserved": "2011-05-13T00:00:00", "dateUpdated": "2024-08-06T22:46:00.889Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1008 (GCVE-0-2011-1008)
Vulnerability from cvelistv5
Published
2011-02-28 15:00
Modified
2024-08-06 22:14
CWE
- n/a
Summary
Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information, related to SQL logging.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:14:26.931Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/02/24/9" }, { "name": "rt-scripsoverlay-information-disclosure(65772)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65772" }, { "name": "[oss-security] 20110223 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/02/23/22" }, { "name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/02/24/7" }, { "name": "71011", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/71011" }, { "name": "[oss-security] 20110222 Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/02/22/12" }, { "name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information 
leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/02/24/8" }, { "name": "43438", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43438" }, { "name": "[oss-security] 20110222 Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/02/22/16" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/bestpractical/rt/commit/2338cd19ed7a7f4c1e94f639ab2789d6586d01f3" }, { "name": "[rt-announce] 20110216 RT 3.8.9 Released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html" }, { "name": "[oss-security] 20110222 CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/02/22/6" }, { "name": "ADV-2011-0475", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0475" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614576" }, { "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": 
"n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-02-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information, related to SQL logging." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-25T16:06:21", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/02/24/9" }, { "name": "rt-scripsoverlay-information-disclosure(65772)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65772" }, { "name": "[oss-security] 20110223 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/02/23/22" }, { "name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/02/24/7" }, { "name": "71011", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/71011" }, { "name": 
"[oss-security] 20110222 Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/02/22/12" }, { "name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/02/24/8" }, { "name": "43438", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43438" }, { "name": "[oss-security] 20110222 Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/02/22/16" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/bestpractical/rt/commit/2338cd19ed7a7f4c1e94f639ab2789d6586d01f3" }, { "name": "[rt-announce] 20110216 RT 3.8.9 Released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html" }, { "name": "[oss-security] 20110222 CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/02/22/6" }, { "name": "ADV-2011-0475", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0475" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614576" }, { "name": "[mina-dev] 20210225 [jira] [Created] 
(FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1008", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information, related to SQL logging." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/02/24/9" }, { "name": "rt-scripsoverlay-information-disclosure(65772)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65772" }, { "name": "[oss-security] 20110223 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/02/23/22" }, { "name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/02/24/7" }, { "name": "71011", "refsource": "OSVDB", "url": "http://osvdb.org/71011" }, { "name": "[oss-security] 20110222 Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/02/22/12" }, { "name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/02/24/8" }, { "name": "43438", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43438" }, { "name": "[oss-security] 20110222 Re: CVE Request -- rt3 -- two issues: 1) Improper 
management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/02/22/16" }, { "name": "https://github.com/bestpractical/rt/commit/2338cd19ed7a7f4c1e94f639ab2789d6586d01f3", "refsource": "CONFIRM", "url": "https://github.com/bestpractical/rt/commit/2338cd19ed7a7f4c1e94f639ab2789d6586d01f3" }, { "name": "[rt-announce] 20110216 RT 3.8.9 Released", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html" }, { "name": "[oss-security] 20110222 CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/02/22/6" }, { "name": "ADV-2011-0475", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0475" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614576", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614576" }, { "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1008", "datePublished": "2011-02-28T15:00:00", "dateReserved": "2011-02-14T00:00:00", "dateUpdated": "2024-08-06T22:14:26.931Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1687 (GCVE-0-2011-1687)
Vulnerability from cvelistv5
Published
2011-04-22 10:00
Modified
2024-08-06 22:37
CWE
- n/a
Summary
Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords.
References
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2011/1071 | vdb-entry, x_refsource_VUPEN |
| http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html | mailing-list, x_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=696795 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/66793 | vdb-entry, x_refsource_XF |
| http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/47383 | vdb-entry, x_refsource_BID |
| http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html | mailing-list, x_refsource_MLIST |
| http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html | mailing-list, x_refsource_MLIST |
| http://www.debian.org/security/2011/dsa-2220 | vendor-advisory, x_refsource_DEBIAN |
| http://secunia.com/advisories/44189 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:37:25.043Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2011-1071", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "name": "[rt-announce] 20110414 RT 3.8.10 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "name": "rt-search-interface-info-disclosure(66793)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66793" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "name": "47383", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47383" }, { "name": "[rt-announce] 20110414 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "name": "[rt-announce] 20110414 RT 3.6.11 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" }, { "name": "DSA-2220", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2220" }, { "name": "44189", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44189" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { 
"status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2011-1071", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "name": "[rt-announce] 20110414 RT 3.8.10 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "name": "rt-search-interface-info-disclosure(66793)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66793" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "name": "47383", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47383" }, { "name": "[rt-announce] 20110414 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "name": "[rt-announce] 20110414 RT 3.6.11 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" }, { "name": "DSA-2220", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": 
"http://www.debian.org/security/2011/dsa-2220" }, { "name": "44189", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44189" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1687", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote authenticated users to obtain sensitive information by using the search interface, as demonstrated by retrieving encrypted passwords." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2011-1071", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "name": "[rt-announce] 20110414 RT 3.8.10 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=696795", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "name": "rt-search-interface-info-disclosure(66793)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66793" }, { "name": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html", "refsource": "CONFIRM", "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "name": "47383", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47383" }, { "name": "[rt-announce] 20110414 Security vulnerabilities in RT", "refsource": "MLIST", "url": 
"http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "name": "[rt-announce] 20110414 RT 3.6.11 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" }, { "name": "DSA-2220", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2220" }, { "name": "44189", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44189" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1687", "datePublished": "2011-04-22T10:00:00", "dateReserved": "2011-04-13T00:00:00", "dateUpdated": "2024-08-06T22:37:25.043Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2770 (GCVE-0-2012-2770)
Vulnerability from cvelistv5
Published
2012-08-15 21:00
Modified
2024-08-06 19:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user."
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/54681 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/77213 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/50060 | third-party-advisory, x_refsource_SECUNIA |
| http://lists.bestpractical.com/pipermail/rt-announce/2012-July/000208.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:42:32.427Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "54681", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/54681" }, { "name": "authenexternalauth-url-sec-bypass(77213)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77213" }, { "name": "50060", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50060" }, { "name": "[rt-announce] 20120725 Security vulnerabilities in three commonly deployed RT extensions", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-July/000208.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-07-25T00:00:00", "descriptions": [ { "lang": "en", "value": "The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the \"URL of a RSS feed of the user.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "54681", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/54681" }, { "name": "authenexternalauth-url-sec-bypass(77213)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77213" }, { "name": "50060", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/50060" }, { "name": "[rt-announce] 20120725 Security vulnerabilities in three commonly deployed RT extensions", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-July/000208.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-2770", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the \"URL of a RSS feed of the user.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "54681", "refsource": "BID", "url": "http://www.securityfocus.com/bid/54681" }, { "name": "authenexternalauth-url-sec-bypass(77213)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77213" }, { "name": "50060", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50060" }, { "name": "[rt-announce] 20120725 Security vulnerabilities in three commonly deployed RT extensions", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-July/000208.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-2770", "datePublished": "2012-08-15T21:00:00", "dateReserved": "2012-05-18T00:00:00", "dateUpdated": "2024-08-06T19:42:32.427Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1688 (GCVE-0-2011-1688)
Vulnerability from cvelistv5
Published
2011-04-22 10:00
Modified
2024-08-06 22:37
CWE
- n/a
Summary
Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/66795 | vdb-entry, x_refsource_XF | |
http://www.vupen.com/english/advisories/2011/1071 | vdb-entry, x_refsource_VUPEN | |
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html | mailing-list, x_refsource_MLIST | |
https://bugzilla.redhat.com/show_bug.cgi?id=696795 | x_refsource_CONFIRM | |
http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/47383 | vdb-entry, x_refsource_BID | |
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html | mailing-list, x_refsource_MLIST | |
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html | mailing-list, x_refsource_MLIST | |
http://www.debian.org/security/2011/dsa-2220 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/44189 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:37:24.622Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "rt-unspecified-dir-traversal(66795)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66795" }, { "name": "ADV-2011-1071", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "name": "[rt-announce] 20110414 RT 3.8.10 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "name": "47383", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47383" }, { "name": "[rt-announce] 20110414 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "name": "[rt-announce] 20110414 RT 3.6.11 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" }, { "name": "DSA-2220", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2220" }, { "name": "44189", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44189" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": 
"affected", "version": "n/a" } ] } ], "datePublic": "2011-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "rt-unspecified-dir-traversal(66795)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66795" }, { "name": "ADV-2011-1071", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "name": "[rt-announce] 20110414 RT 3.8.10 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "name": "47383", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47383" }, { "name": "[rt-announce] 20110414 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "name": "[rt-announce] 20110414 RT 3.6.11 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" }, { "name": "DSA-2220", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2220" }, { "name": "44189", 
"tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44189" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1688", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "rt-unspecified-dir-traversal(66795)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66795" }, { "name": "ADV-2011-1071", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "name": "[rt-announce] 20110414 RT 3.8.10 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=696795", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "name": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html", "refsource": "CONFIRM", "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "name": "47383", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47383" }, { "name": "[rt-announce] 20110414 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "name": "[rt-announce] 20110414 RT 
3.6.11 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html" }, { "name": "DSA-2220", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2220" }, { "name": "44189", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44189" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1688", "datePublished": "2011-04-22T10:00:00", "dateReserved": "2011-04-13T00:00:00", "dateUpdated": "2024-08-06T22:37:24.622Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-31501 (GCVE-0-2025-31501)
Vulnerability from cvelistv5
Published
2025-05-28 00:00
Modified
2025-05-28 17:59
Severity
7.2 (HIGH) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N (CNA-assigned)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink.
References
Impacted products
Vendor | Product | Version |
---|---|---|
bestpractical | RT | 5.0.0 ≤ version < 5.0.8 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-31501", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-28T17:59:24.546058Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-28T17:59:29.685Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "RT", "vendor": "bestpractical", "versions": [ { "lessThan": "5.0.8", "status": "affected", "version": "5.0.0", "versionType": "semver" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bestpractical:rt:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.0.8", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink." 
} ], "metrics": [ { "cvssV3_1": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-28T17:48:25.633Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://docs.bestpractical.com/release-notes/rt/index.html" }, { "url": "https://docs.bestpractical.com/release-notes/rt/5.0.8" } ], "x_generator": { "engine": "enrichogram 0.0.1" } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2025-31501", "datePublished": "2025-05-28T00:00:00.000Z", "dateReserved": "2025-03-28T00:00:00.000Z", "dateUpdated": "2025-05-28T17:59:29.685Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1007 (GCVE-0-2011-1007)
Vulnerability from cvelistv5
Published
2011-02-28 15:00
Modified
2024-08-06 22:14
CWE
- n/a
Summary
Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:14:26.859Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/02/24/9" }, { "name": "[oss-security] 20110223 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/02/23/22" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614575" }, { "name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/02/24/7" }, { "name": "[oss-security] 20110222 Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/02/22/12" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://issues.bestpractical.com/Ticket/Display.html?id=15804" }, { "name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", 
"x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/02/24/8" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/bestpractical/rt/commit/917c211820590950f7eb0521f7f43b31aeed44c4" }, { "name": "43438", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43438" }, { "name": "[oss-security] 20110222 Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/02/22/16" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/bestpractical/rt/commit/057552287159e801535e59b8fbd5bd98d1322069" }, { "name": "[rt-announce] 20110216 RT 3.8.9 Released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html" }, { "name": "rt-login-information-disclosure(65771)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65771" }, { "name": "[oss-security] 20110222 CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/02/22/6" }, { "name": "ADV-2011-0475", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0475" }, { "name": "71012", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/71012" }, { "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "tags": [ 
"mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-02-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-25T16:06:46", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/02/24/9" }, { "name": "[oss-security] 20110223 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/02/23/22" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614575" }, { "name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"http://openwall.com/lists/oss-security/2011/02/24/7" }, { "name": "[oss-security] 20110222 Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/02/22/12" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://issues.bestpractical.com/Ticket/Display.html?id=15804" }, { "name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/02/24/8" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/bestpractical/rt/commit/917c211820590950f7eb0521f7f43b31aeed44c4" }, { "name": "43438", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43438" }, { "name": "[oss-security] 20110222 Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/02/22/16" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/bestpractical/rt/commit/057552287159e801535e59b8fbd5bd98d1322069" }, { "name": "[rt-announce] 20110216 RT 3.8.9 Released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html" }, { "name": "rt-login-information-disclosure(65771)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65771" }, { "name": "[oss-security] 20110222 CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log 
out 2) SQL queries information leak by user account transition", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/02/22/6" }, { "name": "ADV-2011-0475", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0475" }, { "name": "71012", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/71012" }, { "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1007", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/02/24/9" }, { "name": "[oss-security] 20110223 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/02/23/22" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614575", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614575" }, { "name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/02/24/7" }, { "name": "[oss-security] 20110222 Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/02/22/12" }, { "name": "http://issues.bestpractical.com/Ticket/Display.html?id=15804", "refsource": "CONFIRM", "url": "http://issues.bestpractical.com/Ticket/Display.html?id=15804" }, { "name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/02/24/8" }, { "name": 
"https://github.com/bestpractical/rt/commit/917c211820590950f7eb0521f7f43b31aeed44c4", "refsource": "CONFIRM", "url": "https://github.com/bestpractical/rt/commit/917c211820590950f7eb0521f7f43b31aeed44c4" }, { "name": "43438", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43438" }, { "name": "[oss-security] 20110222 Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/02/22/16" }, { "name": "https://github.com/bestpractical/rt/commit/057552287159e801535e59b8fbd5bd98d1322069", "refsource": "CONFIRM", "url": "https://github.com/bestpractical/rt/commit/057552287159e801535e59b8fbd5bd98d1322069" }, { "name": "[rt-announce] 20110216 RT 3.8.9 Released", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html" }, { "name": "rt-login-information-disclosure(65771)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65771" }, { "name": "[oss-security] 20110222 CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/02/22/6" }, { "name": "ADV-2011-0475", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0475" }, { "name": "71012", "refsource": "OSVDB", "url": "http://osvdb.org/71012" }, { "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1007", 
"datePublished": "2011-02-28T15:00:00", "dateReserved": "2011-02-14T00:00:00", "dateUpdated": "2024-08-06T22:14:26.859Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-3370 (GCVE-0-2013-3370)
Vulnerability from cvelistv5
Published
2013-08-23 16:00
Modified
2024-09-17 00:00
CWE
- n/a
Summary
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request.
References
▼ | URL | Tags |
---|---|---|
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html | mailing-list, x_refsource_MLIST | |
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html | mailing-list, x_refsource_MLIST | |
http://www.osvdb.org/93609 | vdb-entry, x_refsource_OSVDB | |
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/53505 | third-party-advisory, x_refsource_SECUNIA | |
http://www.debian.org/security/2012/dsa-2670 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/53522 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:07:37.900Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20130522 RT 3.8.17 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "93609", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/93609" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "53505", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53505" }, { "name": "DSA-2670", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2670" }, { "name": "53522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53522" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-08-23T16:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20130522 RT 3.8.17 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "93609", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/93609" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "53505", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53505" }, { "name": "DSA-2670", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2670" }, { "name": "53522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53522" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3370", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20130522 RT 3.8.17 released", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "93609", "refsource": "OSVDB", "url": "http://www.osvdb.org/93609" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "53505", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53505" }, { "name": "DSA-2670", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2670" }, { "name": "53522", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53522" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3370", "datePublished": "2013-08-23T16:00:00Z", "dateReserved": "2013-05-06T00:00:00Z", "dateUpdated": "2024-09-17T00:00:42.725Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-4732 (GCVE-0-2012-4732)
Vulnerability from cvelistv5
Published
2012-11-11 11:00
Modified
2024-08-06 20:42
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks.
References
URL | Tags |
---|---|
http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html | mailing-list, x_refsource_MLIST | |
http://osvdb.org/86714 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:42:55.031Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20121025 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" }, { "name": "86714", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/86714" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-10-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-03-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20121025 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" }, { "name": "86714", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/86714" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4732", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20121025 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" }, { "name": "86714", "refsource": "OSVDB", "url": "http://osvdb.org/86714" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-4732", "datePublished": "2012-11-11T11:00:00", "dateReserved": "2012-08-29T00:00:00", "dateUpdated": "2024-08-06T20:42:55.031Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-3374 (GCVE-0-2013-3374)
Vulnerability from cvelistv5
Published
2013-08-23 16:00
Modified
2024-09-17 03:53
CWE
- n/a
Summary
Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, related to a "limited session re-use."
References
URL | Tags |
---|---|
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html | mailing-list, x_refsource_MLIST | |
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html | mailing-list, x_refsource_MLIST | |
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/53505 | third-party-advisory, x_refsource_SECUNIA | |
http://www.debian.org/security/2012/dsa-2670 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/53522 | third-party-advisory, x_refsource_SECUNIA | |
http://www.osvdb.org/93605 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:07:37.888Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20130522 RT 3.8.17 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "53505", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53505" }, { "name": "DSA-2670", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2670" }, { "name": "53522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53522" }, { "name": "93605", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/93605" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, related to a \"limited session re-use.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": 
{ "dateUpdated": "2013-08-23T16:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20130522 RT 3.8.17 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "53505", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53505" }, { "name": "DSA-2670", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2670" }, { "name": "53522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53522" }, { "name": "93605", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/93605" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3374", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, related to a \"limited session re-use.\"" } ] }, "problemtype": { "problemtype_data": [ { 
"description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20130522 RT 3.8.17 released", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "53505", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53505" }, { "name": "DSA-2670", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2670" }, { "name": "53522", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53522" }, { "name": "93605", "refsource": "OSVDB", "url": "http://www.osvdb.org/93605" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3374", "datePublished": "2013-08-23T16:00:00Z", "dateReserved": "2013-05-06T00:00:00Z", "dateUpdated": "2024-09-17T03:53:01.985Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-3373 (GCVE-0-2013-3373)
Vulnerability from cvelistv5
Published
2013-08-23 16:00
Modified
2024-09-16 17:33
CWE
- n/a
Summary
CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header.
References
URL | Tags |
---|---|
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html | mailing-list, x_refsource_MLIST | |
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html | mailing-list, x_refsource_MLIST | |
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html | mailing-list, x_refsource_MLIST | |
http://www.osvdb.org/93606 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/53505 | third-party-advisory, x_refsource_SECUNIA | |
http://www.debian.org/security/2012/dsa-2670 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/53522 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:07:37.857Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20130522 RT 3.8.17 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "93606", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/93606" }, { "name": "53505", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53505" }, { "name": "DSA-2670", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2670" }, { "name": "53522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53522" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-08-23T16:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20130522 RT 3.8.17 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "93606", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/93606" }, { "name": "53505", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53505" }, { "name": "DSA-2670", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2670" }, { "name": "53522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53522" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3373", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20130522 RT 3.8.17 released", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "93606", "refsource": "OSVDB", "url": "http://www.osvdb.org/93606" }, { "name": "53505", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53505" }, { "name": "DSA-2670", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2670" }, { "name": "53522", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53522" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3373", "datePublished": "2013-08-23T16:00:00Z", "dateReserved": "2013-05-06T00:00:00Z", "dateUpdated": "2024-09-16T17:33:13.370Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1685 (GCVE-0-2011-1685)
Vulnerability from cvelistv5
Published
2011-04-22 10:00
Modified
2024-08-06 22:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack.
References
▼ | URL | Tags |
---|---|---|
http://www.vupen.com/english/advisories/2011/1071 | vdb-entry, x_refsource_VUPEN | |
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html | mailing-list, x_refsource_MLIST | |
https://bugzilla.redhat.com/show_bug.cgi?id=696795 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/66791 | vdb-entry, x_refsource_XF | |
http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/47383 | vdb-entry, x_refsource_BID | |
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html | mailing-list, x_refsource_MLIST | |
http://www.debian.org/security/2011/dsa-2220 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/44189 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:37:24.581Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2011-1071", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "name": "[rt-announce] 20110414 RT 3.8.10 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "name": "rt-externalcustomfield-code-exec(66791)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66791" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "name": "47383", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47383" }, { "name": "[rt-announce] 20110414 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "name": "DSA-2220", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2220" }, { "name": "44189", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44189" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the 
CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2011-1071", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "name": "[rt-announce] 20110414 RT 3.8.10 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "name": "rt-externalcustomfield-code-exec(66791)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66791" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "name": "47383", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47383" }, { "name": "[rt-announce] 20110414 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "name": "DSA-2220", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2220" }, { "name": "44189", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44189" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1685", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": 
"n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2011-1071", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/1071" }, { "name": "[rt-announce] 20110414 RT 3.8.10 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=696795", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795" }, { "name": "rt-externalcustomfield-code-exec(66791)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66791" }, { "name": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html", "refsource": "CONFIRM", "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html" }, { "name": "47383", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47383" }, { "name": "[rt-announce] 20110414 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html" }, { "name": "DSA-2220", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2220" }, { "name": "44189", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44189" } ] } } } }, "cveMetadata": { "assignerOrgId": 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1685", "datePublished": "2011-04-22T10:00:00", "dateReserved": "2011-04-13T00:00:00", "dateUpdated": "2024-08-06T22:37:24.581Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-5587 (GCVE-0-2013-5587)
Vulnerability from cvelistv5
Published
2013-08-23 16:00
Modified
2024-09-16 19:19
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions.
References
URL | Tags |
---|---|
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html | mailing-list, x_refsource_MLIST | |
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html | mailing-list, x_refsource_MLIST | |
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/53505 | third-party-advisory, x_refsource_SECUNIA | |
http://www.debian.org/security/2012/dsa-2670 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/53522 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:15:21.434Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20130522 RT 3.8.17 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "53505", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53505" }, { "name": "DSA-2670", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2670" }, { "name": "53522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53522" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-08-23T16:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20130522 RT 3.8.17 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "53505", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53505" }, { "name": "DSA-2670", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2670" }, { "name": "53522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53522" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5587", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20130522 RT 3.8.17 released", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "53505", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53505" }, { "name": "DSA-2670", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2670" }, { "name": "53522", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53522" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-5587", "datePublished": "2013-08-23T16:00:00Z", "dateReserved": "2013-08-23T00:00:00Z", "dateUpdated": "2024-09-16T19:19:35.447Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4460 (GCVE-0-2011-4460)
Vulnerability from cvelistv5
Published
2012-06-04 19:00
Modified
2024-08-07 00:09
CWE
- n/a
Summary
SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account.
References
URL | Tags |
---|---|
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/49259 | third-party-advisory, x_refsource_SECUNIA | |
http://osvdb.org/82136 | vdb-entry, x_refsource_OSVDB | |
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html | mailing-list, x_refsource_MLIST | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/75824 | vdb-entry, x_refsource_XF | |
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/53660 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:09:18.469Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "49259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49259" }, { "name": "82136", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/82136" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "rt-unspecified-sql-injection(75824)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75824" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "name": "53660", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53660" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "49259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49259" }, { "name": "82136", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/82136" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "rt-unspecified-sql-injection(75824)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75824" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "name": "53660", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53660" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4460", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands 
by leveraging access to a privileged account." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "49259", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49259" }, { "name": "82136", "refsource": "OSVDB", "url": "http://osvdb.org/82136" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "rt-unspecified-sql-injection(75824)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75824" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "name": "53660", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53660" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-4460", "datePublished": "2012-06-04T19:00:00", "dateReserved": "2011-11-16T00:00:00", "dateUpdated": "2024-08-07T00:09:18.469Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-3371 (GCVE-0-2013-3371)
Vulnerability from cvelistv5
Published
2013-08-23 16:00
Modified
2024-09-16 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment.
References
URL | Tags | |
---|---|---|
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html | mailing-list, x_refsource_MLIST | |
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html | mailing-list, x_refsource_MLIST | |
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html | mailing-list, x_refsource_MLIST | |
http://www.osvdb.org/93608 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/53505 | third-party-advisory, x_refsource_SECUNIA | |
http://www.debian.org/security/2012/dsa-2670 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/53522 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:07:37.901Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20130522 RT 3.8.17 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "93608", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/93608" }, { "name": "53505", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53505" }, { "name": "DSA-2670", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2670" }, { "name": "53522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53522" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-08-23T16:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20130522 RT 3.8.17 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "93608", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/93608" }, { "name": "53505", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53505" }, { "name": "DSA-2670", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2670" }, { "name": "53522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53522" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3371", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20130522 RT 3.8.17 released", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "93608", "refsource": "OSVDB", "url": "http://www.osvdb.org/93608" }, { "name": "53505", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53505" }, { "name": "DSA-2670", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2670" }, { "name": "53522", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53522" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3371", "datePublished": "2013-08-23T16:00:00Z", "dateReserved": "2013-05-06T00:00:00Z", "dateUpdated": "2024-09-16T16:27:42.222Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-3372 (GCVE-0-2013-3372)
Vulnerability from cvelistv5
Published
2013-08-23 16:00
Modified
2024-09-17 02:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors.
References
URL | Tags | |
---|---|---|
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html | mailing-list, x_refsource_MLIST | |
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html | mailing-list, x_refsource_MLIST | |
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html | mailing-list, x_refsource_MLIST | |
http://www.osvdb.org/93607 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/53505 | third-party-advisory, x_refsource_SECUNIA | |
http://www.debian.org/security/2012/dsa-2670 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/53522 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:07:37.504Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20130522 RT 3.8.17 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "93607", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/93607" }, { "name": "53505", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53505" }, { "name": "DSA-2670", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2670" }, { "name": "53522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/53522" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-08-23T16:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20130522 RT 3.8.17 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "93607", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/93607" }, { "name": "53505", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53505" }, { "name": "DSA-2670", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2670" }, { "name": "53522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/53522" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3372", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20130522 RT 3.8.17 released", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" }, { "name": "[rt-announce] 20130522 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" }, { "name": "[rt-announce] 20130522 RT 4.0.13 released", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" }, { "name": "93607", "refsource": "OSVDB", "url": "http://www.osvdb.org/93607" }, { "name": "53505", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53505" }, { "name": "DSA-2670", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2670" }, { "name": "53522", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/53522" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3372", "datePublished": "2013-08-23T16:00:00Z", "dateReserved": "2013-05-06T00:00:00Z", "dateUpdated": "2024-09-17T02:31:37.446Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2769 (GCVE-0-2012-2769)
Vulnerability from cvelistv5
Published
2012-08-15 21:00
Modified
2024-08-06 19:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/54684 | vdb-entry, x_refsource_BID | |
http://lists.bestpractical.com/pipermail/rt-announce/2012-July/000208.html | mailing-list, x_refsource_MLIST | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/77211 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/50010 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:42:32.458Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "54684", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/54684" }, { "name": "[rt-announce] 20120725 Security vulnerabilities in three commonly deployed RT extensions", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-July/000208.html" }, { "name": "extensionmobileui-unspec-xs(77211)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77211" }, { "name": "50010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50010" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-07-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "54684", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/54684" }, { "name": "[rt-announce] 20120725 Security vulnerabilities in three commonly deployed RT extensions", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-July/000208.html" }, { "name": "extensionmobileui-unspec-xs(77211)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77211" }, { "name": "50010", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50010" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-2769", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "54684", "refsource": "BID", "url": "http://www.securityfocus.com/bid/54684" }, { "name": "[rt-announce] 20120725 Security vulnerabilities in three commonly deployed RT extensions", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-July/000208.html" }, { "name": "extensionmobileui-unspec-xs(77211)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77211" }, { "name": "50010", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50010" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-2769", "datePublished": "2012-08-15T21:00:00", "dateReserved": "2012-05-18T00:00:00", "dateUpdated": "2024-08-06T19:42:32.458Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-2084 (GCVE-0-2011-2084)
Vulnerability from cvelistv5
Published
2012-06-04 19:00
Modified
2024-08-06 22:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ticket correspondence history by leveraging access to a privileged account.
References
URL | Tags | |
---|---|---|
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/49259 | third-party-advisory, x_refsource_SECUNIA | |
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html | mailing-list, x_refsource_MLIST | |
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/53660 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:46:00.987Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "49259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49259" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "name": "53660", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53660" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ticket correspondence history by leveraging access to a privileged account." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-09-29T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "49259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49259" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "name": "53660", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53660" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-2084", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ticket correspondence history by leveraging access to a privileged account." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "49259", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49259" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "name": "53660", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53660" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-2084", "datePublished": "2012-06-04T19:00:00", "dateReserved": "2011-05-13T00:00:00", "dateUpdated": "2024-08-06T22:46:00.987Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4458 (GCVE-0-2011-4458)
Vulnerability from cvelistv5
Published
2012-06-04 19:00
Modified
2024-08-07 00:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-5092 and CVE-2011-5093.
References
URL | Tags | |
---|---|---|
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/49259 | third-party-advisory, x_refsource_SECUNIA | |
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html | mailing-list, x_refsource_MLIST | |
http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/53660 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:09:18.415Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "49259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49259" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "name": "53660", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53660" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-5092 and CVE-2011-5093." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-09-29T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "49259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49259" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "name": "53660", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53660" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4458", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-5092 and CVE-2011-5093." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "49259", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49259" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "name": "53660", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53660" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-4458", "datePublished": "2012-06-04T19:00:00", "dateReserved": "2011-11-16T00:00:00", "dateUpdated": "2024-08-07T00:09:18.415Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-2085 (GCVE-0-2011-2085)
Vulnerability from cvelistv5
Published
2012-06-04 19:00
Modified
2024-08-06 22:46
CWE
- n/a
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users.
References
| URL | Tags |
|---|---|
| http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html | mailing-list, x_refsource_MLIST |
| http://secunia.com/advisories/49259 | third-party-advisory, x_refsource_SECUNIA |
| http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html | mailing-list, x_refsource_MLIST |
| http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html | mailing-list, x_refsource_MLIST |
| http://www.securityfocus.com/bid/53660 | vdb-entry, x_refsource_BID |
| https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:46:00.970Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "49259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49259" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "name": "53660", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53660" }, { "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-25T16:06:38", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "49259", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49259" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "name": "53660", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53660" }, { "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-2085", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow 
remote attackers to hijack the authentication of arbitrary users." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html" }, { "name": "49259", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49259" }, { "name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html" }, { "name": "[rt-announce] 20120522 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html" }, { "name": "53660", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53660" }, { "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-2085", "datePublished": "2012-06-04T19:00:00", "dateReserved": "2011-05-13T00:00:00", "dateUpdated": "2024-08-06T22:46:00.970Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-0009 (GCVE-0-2011-0009)
Vulnerability from cvelistv5
Published
2011-01-25 18:00
Modified
2024-08-06 21:36
CWE
- n/a
Summary
Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:36:02.417Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-2150", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2150" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610850" }, { "name": "ADV-2011-0576", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0576" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=672250" }, { "name": "43438", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43438" }, { "name": "FEDORA-2011-1677", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054740.html" }, { "name": "[rt-announce] 20110119 Security vulnerability in RT 3.0 and up", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-January/000185.html" }, { "name": "70661", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/70661" }, { "name": "ADV-2011-0190", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0190" }, { "name": "ADV-2011-0475", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0475" }, { "name": "45959", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/45959" }, { "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "tags": [ "mailing-list", 
"x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-25T16:06:39", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "DSA-2150", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2150" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610850" }, { "name": "ADV-2011-0576", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0576" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=672250" }, { "name": "43438", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43438" }, { "name": "FEDORA-2011-1677", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054740.html" }, { "name": "[rt-announce] 20110119 Security vulnerability in RT 3.0 and up", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-January/000185.html" }, { "name": "70661", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": 
"http://osvdb.org/70661" }, { "name": "ADV-2011-0190", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0190" }, { "name": "ADV-2011-0475", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0475" }, { "name": "45959", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/45959" }, { "name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-0009", "datePublished": "2011-01-25T18:00:00", "dateReserved": "2010-12-07T00:00:00", "dateUpdated": "2024-08-06T21:36:02.417Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-4734 (GCVE-0-2012-4734)
Vulnerability from cvelistv5
Published
2012-11-11 11:00
Modified
2024-08-06 20:42
CWE
- n/a
Summary
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to a crafted link.
References
| URL | Tags |
|---|---|
| http://osvdb.org/86709 | vdb-entry, x_refsource_OSVDB |
| http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:42:55.002Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "86709", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/86709" }, { "name": "[rt-announce] 20121025 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-10-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a \"confused deputy\" attack to bypass the CSRF warning protection mechanism and cause victims to \"modify arbitrary state\" via unknown vectors related to a crafted link." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-03-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "86709", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/86709" }, { "name": "[rt-announce] 20121025 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4734", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a \"confused deputy\" attack to bypass the CSRF warning protection mechanism and cause victims to \"modify arbitrary state\" via unknown vectors related to a crafted link." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "86709", "refsource": "OSVDB", "url": "http://osvdb.org/86709" }, { "name": "[rt-announce] 20121025 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-4734", "datePublished": "2012-11-11T11:00:00", "dateReserved": "2012-08-29T00:00:00", "dateUpdated": "2024-08-06T20:42:55.002Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-4884 (GCVE-0-2012-4884)
Vulnerability from cvelistv5
Published
2012-11-11 11:00
Modified
2024-09-16 16:58
CWE
- n/a
Summary
Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client.
References
| URL | Tags |
|---|---|
| http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html | mailing-list, x_refsource_MLIST |
| http://www.debian.org/security/2012/dsa-2567 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:50:17.576Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[rt-announce] 20121025 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" }, { "name": "DSA-2567", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2567" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-11-11T11:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[rt-announce] 20121025 Security vulnerabilities in RT", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" }, { "name": "DSA-2567", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2567" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4884", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", 
"value": "Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[rt-announce] 20121025 Security vulnerabilities in RT", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" }, { "name": "DSA-2567", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2567" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-4884", "datePublished": "2012-11-11T11:00:00Z", "dateReserved": "2012-09-07T00:00:00Z", "dateUpdated": "2024-09-16T16:58:55.030Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }