fkie_cve-2011-1007
Vulnerability from fkie_nvd
Published
2011-02-28 16:00
Modified
2025-04-11 00:51
Severity ?
Summary
Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout.
References
secalert@redhat.comhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614575Patch
secalert@redhat.comhttp://issues.bestpractical.com/Ticket/Display.html?id=15804
secalert@redhat.comhttp://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.htmlPatch
secalert@redhat.comhttp://openwall.com/lists/oss-security/2011/02/22/12Patch
secalert@redhat.comhttp://openwall.com/lists/oss-security/2011/02/22/16Patch
secalert@redhat.comhttp://openwall.com/lists/oss-security/2011/02/22/6Patch
secalert@redhat.comhttp://openwall.com/lists/oss-security/2011/02/23/22
secalert@redhat.comhttp://openwall.com/lists/oss-security/2011/02/24/7
secalert@redhat.comhttp://openwall.com/lists/oss-security/2011/02/24/8
secalert@redhat.comhttp://openwall.com/lists/oss-security/2011/02/24/9
secalert@redhat.comhttp://osvdb.org/71012
secalert@redhat.comhttp://secunia.com/advisories/43438Vendor Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2011/0475Vendor Advisory
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/65771
secalert@redhat.comhttps://github.com/bestpractical/rt/commit/057552287159e801535e59b8fbd5bd98d1322069Patch
secalert@redhat.comhttps://github.com/bestpractical/rt/commit/917c211820590950f7eb0521f7f43b31aeed44c4Patch
secalert@redhat.comhttps://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614575Patch
af854a3a-2127-422b-91ae-364da2661108http://issues.bestpractical.com/Ticket/Display.html?id=15804
af854a3a-2127-422b-91ae-364da2661108http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2011/02/22/12Patch
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2011/02/22/16Patch
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2011/02/22/6Patch
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2011/02/23/22
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2011/02/24/7
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2011/02/24/8
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2011/02/24/9
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/71012
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43438Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0475Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/65771
af854a3a-2127-422b-91ae-364da2661108https://github.com/bestpractical/rt/commit/057552287159e801535e59b8fbd5bd98d1322069Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/bestpractical/rt/commit/917c211820590950f7eb0521f7f43b31aeed44c4Patch
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
Impacted products
Vendor Product Version
bestpractical rt *
bestpractical rt 1.0.0
bestpractical rt 1.0.1
bestpractical rt 1.0.2
bestpractical rt 1.0.3
bestpractical rt 1.0.4
bestpractical rt 1.0.5
bestpractical rt 1.0.6
bestpractical rt 1.0.7
bestpractical rt 2.0.0
bestpractical rt 2.0.1
bestpractical rt 2.0.2
bestpractical rt 2.0.3
bestpractical rt 2.0.4
bestpractical rt 2.0.5
bestpractical rt 2.0.5.1
bestpractical rt 2.0.5.3
bestpractical rt 2.0.6
bestpractical rt 2.0.7
bestpractical rt 2.0.8
bestpractical rt 2.0.8.2
bestpractical rt 2.0.9
bestpractical rt 2.0.11
bestpractical rt 2.0.12
bestpractical rt 2.0.13
bestpractical rt 2.0.14
bestpractical rt 2.0.15
bestpractical rt 3.0.0
bestpractical rt 3.0.1
bestpractical rt 3.0.2
bestpractical rt 3.0.3
bestpractical rt 3.0.4
bestpractical rt 3.0.5
bestpractical rt 3.0.6
bestpractical rt 3.0.7
bestpractical rt 3.0.7.1
bestpractical rt 3.0.8
bestpractical rt 3.0.9
bestpractical rt 3.0.10
bestpractical rt 3.0.11
bestpractical rt 3.0.12
bestpractical rt 3.2.0
bestpractical rt 3.2.1
bestpractical rt 3.2.2
bestpractical rt 3.2.3
bestpractical rt 3.4.0
bestpractical rt 3.4.1
bestpractical rt 3.4.2
bestpractical rt 3.4.3
bestpractical rt 3.4.4
bestpractical rt 3.4.5
bestpractical rt 3.4.6
bestpractical rt 3.6.0
bestpractical rt 3.6.1
bestpractical rt 3.6.2
bestpractical rt 3.6.3
bestpractical rt 3.6.4
bestpractical rt 3.6.5
bestpractical rt 3.6.6
bestpractical rt 3.6.7
bestpractical rt 3.6.8
bestpractical rt 3.6.9
bestpractical rt 3.8.0
bestpractical rt 3.8.1
bestpractical rt 3.8.2
bestpractical rt 3.8.3
bestpractical rt 3.8.4
bestpractical rt 3.8.5
bestpractical rt 3.8.6
bestpractical rt 3.8.6
bestpractical rt 3.8.7
bestpractical rt 3.8.8
bestpractical rt 3.8.8
bestpractical rt 3.8.8
bestpractical rt 3.8.9
bestpractical rt 3.8.9


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:*:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "A1369FE3-D1CC-4A6B-9D5B-796B1BAFE1AF",
              "versionEndIncluding": "3.8.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "798C7256-C8A7-46EA-BE0C-685620CF78AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC812A18-628E-4EFA-95C7-010694423894",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "05EFCBF0-4447-4457-92B9-587A28C2D8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E9A6E50-5666-48BF-8FD7-2668D8AD7344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "915FBC54-78F1-43AC-8394-AA25BC9F88F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F083E35-4189-45E9-A1A1-9062C88ED144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6C9869E-5949-4C1E-AED7-3A8FB3C133F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC2090D7-2796-44E9-8330-CE874E9514E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B558A64D-2E06-416C-85F5-AAFFD18096D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3A24FF7-A1B0-4998-A0F8-6E5D70901299",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F01659AA-9146-4238-9FEE-70D345D31094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EA74674-D04E-4458-ADF0-C733E9592B05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F4ACD97-35AD-4E23-83FC-E39016936EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF589DDB-4348-4A55-9468-DBB5F03C82F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:2.0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C59D941-22C2-41A7-B9BA-4CBDA3E71F5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:2.0.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB507C08-D3CC-4AC8-9BAC-EED9FD09E1D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A50288EA-2628-47D7-9F25-EE514B9083F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "91868A78-C6C7-4C03-95B3-755816F8C663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4B4383B-20C5-4620-8107-255AD3D45D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:2.0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "09A128B7-AA70-49DD-A20E-B9BB7D23A4EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "88EFA7E0-C472-4E93-8E38-98DFCCD37EEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E6381E7-1C01-4239-A02F-C6DB5D775F7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:2.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4120F4E4-E4EB-434C-9764-370102198554",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:2.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CA0866-CC49-4956-9493-849069B4485B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:2.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "565B7E66-BD96-419A-8EC2-FE971BDC47A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:2.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAC1443B-50C8-4E98-9900-CACFEA5AD00D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F451959A-5305-4210-977B-6B396BC0A4F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA418CF5-49D6-4E0E-A1B5-8CB23752989D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E238F87-8D8C-4E62-A8F0-3DB9EFDB8328",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FD8A7EF-5DB8-40C6-9124-A97A23B3EA02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AD553B8-8495-47E5-A543-4DC963B3511A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "28ADB191-4787-4FDB-B70A-F4C8BDF0F4B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2772389A-9BCD-4B13-88C8-75BC64E40AF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1F9D05F-C86D-40D8-A7D9-5448918B72DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "311485DA-5381-4EAD-AF58-B8C67373413A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EAF6671-8C77-448B-BF29-E2CF51176CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B55D762D-A723-435C-8D80-F7230F1648D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CC63EDC-541E-445D-8B72-799E4184B7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5E6196E-4A90-4F64-BA99-A8E04A09D5ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "91D7CE86-3FCD-472E-BF01-31FFB36701BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "70B3F0B2-8C70-4046-AAA0-FBD344FE4DBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD0173D-F699-4864-8856-D1792BDA0F84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "19CC2E53-5DE8-4A31-9B8A-79335DFBAFEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "404AFC5C-20B4-41E5-ACDE-56626D68AFEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37D1380-965B-40E0-8A20-61FEA072B8D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E101B0FE-499F-44D8-8B68-BB7FEE40D2B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "747D8CD1-EE12-48A4-A795-88BC66A8DA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDE201D-F31A-4738-B9AB-7BB11417990E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6ED4EC-F860-47BD-B699-551FB5DBF039",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3398823-1813-4D7B-9EC9-74222A240051",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F98B7895-BDB3-477C-8B34-88BD3E02EAFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1512169D-DCEF-4964-B05A-3DF19CDE8F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B427F5D4-ACD6-46E5-B94F-CA30330C6492",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9B38C33-D680-4285-A849-E6CDA9F4802F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "646CFD82-15FE-48E4-83C9-E3E037E9F928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "57404A14-6E1C-4F3B-8120-75F1073A3E18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F40ED56-CDAC-40BB-A026-5D6A09DCB72C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C325D9-CB88-430F-B1AE-3544C7176398",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E86D15-8435-46B9-88FF-8A51771C55E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "543C8E63-9A49-4D6A-899A-7D244D0CCC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "00AFB893-E37A-4E81-A984-66D677161D80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout."
    },
    {
      "lang": "es",
      "value": "Best Practical Solutions RT anterior a v3.8.9  no desarrolla ciertas redirecciones en el login, lo que permite a atacantes pr\u00f3ximos f\u00edsicamente obtener credenciales reenviando el formulario de registro a trav\u00e9s del bot\u00f3n back en un buscador web en una m\u00e1quina de trabajo no atendidad despu\u00e9s de un cierre de sesi\u00f3n RT."
    }
  ],
  "id": "CVE-2011-1007",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-02-28T16:00:01.603",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614575"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://issues.bestpractical.com/Ticket/Display.html?id=15804"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/02/22/12"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/02/22/16"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/02/22/6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2011/02/23/22"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2011/02/24/7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2011/02/24/8"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2011/02/24/9"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/71012"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43438"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0475"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65771"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/bestpractical/rt/commit/057552287159e801535e59b8fbd5bd98d1322069"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/bestpractical/rt/commit/917c211820590950f7eb0521f7f43b31aeed44c4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614575"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://issues.bestpractical.com/Ticket/Display.html?id=15804"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/02/22/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/02/22/16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2011/02/22/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/02/23/22"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/02/24/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/02/24/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/02/24/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/71012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43438"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0475"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/bestpractical/rt/commit/057552287159e801535e59b8fbd5bd98d1322069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/bestpractical/rt/commit/917c211820590950f7eb0521f7f43b31aeed44c4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.