fkie_nvd - fkie_cve-2011-1690

fkie_cve-2011-1690

Vulnerability from fkie_nvd

Published

2011-04-22 10:55

Modified

2025-04-11 00:51

Severity ?

Summary

Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8.8 allows remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html
cve@mitre.org	http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html	Patch
cve@mitre.org	http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html	Patch
cve@mitre.org	http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html	Patch
cve@mitre.org	http://secunia.com/advisories/44189	Vendor Advisory
cve@mitre.org	http://www.debian.org/security/2011/dsa-2220
cve@mitre.org	http://www.securityfocus.com/bid/47383
cve@mitre.org	http://www.vupen.com/english/advisories/2011/1071
cve@mitre.org	https://bugzilla.redhat.com/show_bug.cgi?id=696795	Patch
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/66794
af854a3a-2127-422b-91ae-364da2661108	http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44189	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2220
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/47383
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/1071
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=696795	Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/66794

Impacted products

Vendor	Product	Version
bestpractical	rt	3.6.0
bestpractical	rt	3.6.1
bestpractical	rt	3.6.2
bestpractical	rt	3.6.3
bestpractical	rt	3.6.4
bestpractical	rt	3.6.5
bestpractical	rt	3.6.6
bestpractical	rt	3.6.7
bestpractical	rt	3.6.8
bestpractical	rt	3.6.9
bestpractical	rt	3.6.10
bestpractical	rt	3.8.0
bestpractical	rt	3.8.1
bestpractical	rt	3.8.2
bestpractical	rt	3.8.3
bestpractical	rt	3.8.4
bestpractical	rt	3.8.5
bestpractical	rt	3.8.6
bestpractical	rt	3.8.6
bestpractical	rt	3.8.7
bestpractical	rt	3.8.7
bestpractical	rt	3.8.8
bestpractical	rt	3.8.8
bestpractical	rt	3.8.8
bestpractical	rt	3.8.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1512169D-DCEF-4964-B05A-3DF19CDE8F57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B427F5D4-ACD6-46E5-B94F-CA30330C6492",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9B38C33-D680-4285-A849-E6CDA9F4802F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "646CFD82-15FE-48E4-83C9-E3E037E9F928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "57404A14-6E1C-4F3B-8120-75F1073A3E18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F40ED56-CDAC-40BB-A026-5D6A09DCB72C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C325D9-CB88-430F-B1AE-3544C7176398",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E86D15-8435-46B9-88FF-8A51771C55E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "543C8E63-9A49-4D6A-899A-7D244D0CCC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "00AFB893-E37A-4E81-A984-66D677161D80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "312703C9-7145-4599-8B2C-6EF7BC060A07",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "84FB5217-7650-4BB2-A0AB-BAB6A362CFD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4BF6295-E0EF-44B8-A694-348EF39371BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8.8 allows remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Best Practical Solutions RT v3.6.0 hasta v3.6.10 y v3.8.0 hasta v3.8.8 permite a atacantes remotos enga\u00f1ar a los usuarios para que env\u00eden las credenciales a un servidor de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2011-1690",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-04-22T10:55:02.530",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44189"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2220"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/47383"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/1071"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2220"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/1071"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696795"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66794"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2011-1690 (GCVE-0-2011-1690)

Vulnerability from cvelistv5

Published

2011-04-22 10:00