Lucene search
HistoryNov 11, 2012 - 1:00 p.m.
CVE-2012-4734
cve-2012-4734
nvd
request tracker
csrf
remote attack
security vulnerability
6.6 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
51.2%
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a “confused deputy” attack to bypass the CSRF warning protection mechanism and cause victims to “modify arbitrary state” via unknown vectors related to a crafted link.
Affected configurations
Node
bestpracticalrtMatch3.8.0
ORbestpracticalrtMatch3.8.0preflight1
ORbestpracticalrtMatch3.8.0rc1
ORbestpracticalrtMatch3.8.0rc2
ORbestpracticalrtMatch3.8.0rc3
ORbestpracticalrtMatch3.8.1
ORbestpracticalrtMatch3.8.1preflight0
ORbestpracticalrtMatch3.8.1rc1
ORbestpracticalrtMatch3.8.1rc2
ORbestpracticalrtMatch3.8.1rc3
ORbestpracticalrtMatch3.8.1rc4
ORbestpracticalrtMatch3.8.1rc5
ORbestpracticalrtMatch3.8.2
ORbestpracticalrtMatch3.8.2rc1
ORbestpracticalrtMatch3.8.2rc2
ORbestpracticalrtMatch3.8.3
ORbestpracticalrtMatch3.8.3rc1
ORbestpracticalrtMatch3.8.3rc2
ORbestpracticalrtMatch3.8.4
ORbestpracticalrtMatch3.8.4rc1
ORbestpracticalrtMatch3.8.5
ORbestpracticalrtMatch3.8.6
ORbestpracticalrtMatch3.8.6rc1
ORbestpracticalrtMatch3.8.7
ORbestpracticalrtMatch3.8.7rc1
ORbestpracticalrtMatch3.8.8
ORbestpracticalrtMatch3.8.8rc2
ORbestpracticalrtMatch3.8.8rc3
ORbestpracticalrtMatch3.8.8rc4
ORbestpracticalrtMatch3.8.9
ORbestpracticalrtMatch3.8.9rc1
ORbestpracticalrtMatch3.8.9rc2
ORbestpracticalrtMatch3.8.9rc3
ORbestpracticalrtMatch3.8.10
ORbestpracticalrtMatch3.8.10rc1
ORbestpracticalrtMatch3.8.11
ORbestpracticalrtMatch3.8.11rc1
ORbestpracticalrtMatch3.8.11rc2
ORbestpracticalrtMatch3.8.12
ORbestpracticalrtMatch3.8.13rc1
ORbestpracticalrtMatch3.8.13rc2
ORbestpracticalrtMatch3.8.14rc1
ORbestpracticalrtMatch4.0.0
ORbestpracticalrtMatch4.0.0rc1
ORbestpracticalrtMatch4.0.0rc2
ORbestpracticalrtMatch4.0.0rc3
ORbestpracticalrtMatch4.0.0rc4
ORbestpracticalrtMatch4.0.0rc5
ORbestpracticalrtMatch4.0.0rc6
ORbestpracticalrtMatch4.0.0rc7
ORbestpracticalrtMatch4.0.0rc8
ORbestpracticalrtMatch4.0.1
ORbestpracticalrtMatch4.0.1rc1
ORbestpracticalrtMatch4.0.1rc2
ORbestpracticalrtMatch4.0.2
ORbestpracticalrtMatch4.0.2rc1
ORbestpracticalrtMatch4.0.2rc2
ORbestpracticalrtMatch4.0.3
ORbestpracticalrtMatch4.0.3rc1
ORbestpracticalrtMatch4.0.3rc2
ORbestpracticalrtMatch4.0.4
ORbestpracticalrtMatch4.0.5
ORbestpracticalrtMatch4.0.5rc1
ORbestpracticalrtMatch4.0.6
ORbestpracticalrtMatch4.0.7rc1
ORbestpracticalrtMatch4.0.8rc1
ORbestpracticalrtMatch4.0.8rc2
Related
ubuntucve
ubuntucve
CVE-2012-4734
2012-11-11 00:00:00
debiancve
debiancve
CVE-2012-4734
2012-11-11 13:00:59
prion
prion
Design/Logic Flaw
2012-11-11 13:00:00
cvelist
cvelist
CVE-2012-4734
2012-11-11 11:00:00
nvd
nvd
CVE-2012-4734
2012-11-11 13:00:59
fedora
fedora
[SECURITY] Fedora 18 Update: rt3-3.8.15-1.fc18
2012-11-08 05:43:51
[SECURITY] Fedora 17 Update: rt3-3.8.15-1.fc17
2012-11-08 01:55:15
[SECURITY] Fedora 16 Update: rt3-3.8.15-1.fc16
2012-11-08 01:53:54
securityvulns
securityvulns
[SECURITY] [DSA 2567-1] request-tracker3.8 security update
2012-10-30 00:00:00
openvas
openvas
Fedora Update for rt3 FEDORA-2012-17174
2012-11-09 00:00:00
Debian Security Advisory DSA 2567-1 (request-tracker3.8)
2012-10-29 00:00:00
Fedora Update for rt3 FEDORA-2012-17218
2012-11-09 00:00:00
debian
debian
[SECURITY] [DSA 2567-1] request-tracker3.8 security update
2012-10-26 20:12:00
freebsd
freebsd
RT -- Multiple Vulnerabilities
2012-10-26 00:00:00
nessus
nessus
Debian DSA-2567-1 : request-tracker3.8 - several vulnerabilities
2012-10-29 00:00:00
Fedora 18 : rt3-3.8.15-1.fc18 (2012-17143)
2012-11-08 00:00:00
osv
osv
request-tracker3.8 - several
2012-10-26 00:00:00
6.6 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
51.2%
Related for CVE-2012-4734