request-tracker: multiple vulnerabilities

Package(s): request-tracker4
CVE #(s): CVE-2014-9472 CVE-2015-1165 CVE-2015-1464
Created: February 27, 2015
Updated: April 6, 2015
Description:

From the Debian advisory:

CVE-2014-9472 - Christian Loos discovered a remote denial of service vulnerability, exploitable via the email gateway and affecting any installation which accepts mail from untrusted sources. Depending on RT's logging configuration, a remote attacker can take advantage of this flaw to cause CPU and excessive disk usage.

CVE-2015-1165 - Christian Loos discovered an information disclosure flaw which may reveal RSS feed URLs, and thus ticket data.

CVE-2015-1464 - It was discovered that RSS feed URLs can be leveraged to perform session hijacking, allowing a user with the URL to log in as the user that created the feed.

Alerts:
Fedora FEDORA-2015-4666 rt 2015-04-04
Debian-LTS DLA-158-1 request-tracker3.8 2015-02-27
Debian DSA-3176-1 request-tracker4 2015-02-26
