PT-2013-4332 · Best Practical+1 · Request Tracker+1

Jenny Martin

·

Publicado

2013-08-23

·

Atualizado

2017-09-03

·

CVE-2013-3374

CVSS v2.0

4.3

Média

VetorAV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Request Tracker (RT) versions 3.8.x through 3.8.16 Request Tracker (RT) versions 4.0.x through 4.0.12
Description The issue allows remote attackers to obtain sensitive information, such as user preferences and caches, via unknown vectors, related to a "limited session re-use" when using the Apache::Session::File session store.
Recommendations For versions 3.8.x through 3.8.16, update to version 3.8.17 or later. For versions 4.0.x through 4.0.12, update to version 4.0.13 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Identificadores relacionados

CVE-2013-3374
DSA-2670-1
DSA-2671-1
MGASA-2017-0325

Produtos afetados

Apache::Session
Request Tracker