Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDD08F6002-C588-11E4-8495-6805CA0B3D42
HistoryFeb 26, 2015 - 12:00 a.m.

rt -- Remote DoS, Information disclosure and Session Hijackingvulnerabilities

2015-02-2600:00:00
vuxml.freebsd.org
18

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.014 Low

EPSS

Percentile

86.4%

JSON

Best Practical reports:

RT 3.0.0 and above, if running on Perl 5.14.0 or higher,
are vulnerable to a remote denial-of-service via the email
gateway; any installation which accepts mail from untrusted
sources is vulnerable, regardless of the permissions
configuration inside RT. This denial-of-service may
encompass both CPU and disk usage, depending on RT’s logging
configuration. This vulnerability is assigned
CVE-2014-9472.
RT 3.8.8 and above are vulnerable to an information
disclosure attack which may reveal RSS feeds URLs, and thus
ticket data; this vulnerability is assigned
CVE-2015-1165. RSS feed URLs can also be leveraged to
perform session hijacking, allowing a user with the URL to
log in as the user that created the feed; this vulnerability
is assigned CVE-2015-1464.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchrt42= 4.2.0UNKNOWN
FreeBSDanynoarchrt42< 4.2.10UNKNOWN
FreeBSDanynoarchrt40= 4.0.0UNKNOWN
FreeBSDanynoarchrt40< 4.0.23UNKNOWN

Related

nessus 6
osv 2
debian 3
openvas 6
fedora 2
securityvulns 2
cve 3
prion 3
ubuntucve 3
debiancve 3
mageia 1
nessus
nessus
Debian DSA-3176-1 : request-tracker4 - security update
2015-02-27 00:00:00
Request Tracker 4.0.x < 4.0.23 / 4.2.x < 4.2.10 Multiple Vulnerabilities
2015-04-29 00:00:00
Fedora 21 : rt-4.2.10-2.fc21 (2015-4666)
2015-04-07 00:00:00
osv
osv
request-tracker3.8 - security update
2015-02-27 00:00:00
request-tracker4 - security update
2015-02-26 00:00:00
debian
debian
[SECURITY] [DSA 3176-1] request-tracker4 security update
2015-02-26 17:00:44
[SECURITY] [DSA 3176-1] request-tracker4 security update
2015-02-26 17:00:44
[SECURITY] [DLA 158-1] request-tracker3.8 security update
2015-02-27 00:26:38
openvas
openvas
Fedora Update for rt FEDORA-2015-4698
2015-07-07 00:00:00
Debian: Security Advisory (DSA-3176-1)
2015-02-25 00:00:00
Debian Security Advisory DSA 3176-1 (request-tracker4 - security update)
2015-02-26 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: rt-4.2.10-2.fc22
2015-03-31 21:48:30
[SECURITY] Fedora 21 Update: rt-4.2.10-2.fc21
2015-04-04 07:20:34
securityvulns
securityvulns
[SECURITY] [DSA 3176-1] request-tracker4 security update
2015-03-23 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2015-03-23 00:00:00
cve
cve
CVE-2014-9472
2015-03-09 14:59:00
CVE-2015-1464
2015-03-09 14:59:00
CVE-2015-1165
2015-03-09 14:59:00
prion
prion
Design/Logic Flaw
2015-03-09 14:59:00
Design/Logic Flaw
2015-03-09 14:59:00
Design/Logic Flaw
2015-03-09 14:59:00
ubuntucve
ubuntucve
CVE-2014-9472
2015-03-09 00:00:00
CVE-2015-1165
2015-03-09 00:00:00
CVE-2015-1464
2015-03-09 00:00:00
debiancve
debiancve
CVE-2014-9472
2015-03-09 14:59:00
CVE-2015-1165
2015-03-09 14:59:00
CVE-2015-1464
2015-03-09 14:59:00
mageia
mageia
Updated rt/perl-Encode packages fix security vulnerability
2017-09-03 17:31:33

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.014 Low

EPSS

Percentile

86.4%

JSON
Related for D08F6002-C588-11E4-8495-6805CA0B3D42
nessus6osv2debian3openvas6fedora2securityvulns2cve3prion3ubuntucve3debiancve3mageia1