8 matches found
Debian DSA-1944-1 : request-tracker3.4 request-tracker3.6 - session hijack
Mikal Gule discovered that request-tracker, an extensible trouble-ticket tracking system, is prone to an attack in which an attacker with access to the same domain can hijack a user's RT session. (C) Tenable Network Security, Inc. The descriptive text and package checks in this...
Fedora Core 10 FEDORA-2009-12817 (rt3)
The remote host is missing an update to rt3 announced via advisory FEDORA-2009-12817. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
Fedora 12 : rt3-3.8.4-7.fc12 (2009-12783)
Fri Dec 4 2009 Ralf Corsepius - 3.8.4-7 - Add rt-3.8.4-rh-bz543962.diff BZ 543962. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
Fedora Core 11 FEDORA-2009-12827 (rt3)
The remote host is missing an update to rt3 announced via advisory FEDORA-2009-12827. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
Fedora Core 11 FEDORA-2009-12827 (rt3)
The remote host is missing an update to rt3 announced via advisory FEDORA-2009-12827. OpenVAS Vulnerability Test $Id: fcore200912827.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-12827 rt3 Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft...
Fedora Core 12 FEDORA-2009-12783 (rt3)
The remote host is missing an update to rt3 announced via advisory FEDORA-2009-12783. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
CVE-2009-4151
Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages "HTTP access to the RT server," a relate...
CVE-2009-4151
CVE-2009-4151 describes a session fixation vulnerability in Best Practical Solutions RT, affecting RT 3.0.0–3.6.9 and RT 3.8.x up to 3.8.5. The issue arises in the SetupSessionCookie path where an attacker can influence the session identifier via HTTP access to the RT server, enabling potential s...