Best Practical · Request Tracker · CVE-2013-3374
**Name of the Vulnerable Software and Affected Versions**
Request Tracker (RT) versions 3.8.x through 3.8.16
Request Tracker (RT) versions 4.0.x through 4.0.12
**Description**
The issue allows remote attackers to obtain sensitive information, such as user preferences and caches, via unknown vectors, related to a "limited session re-use" when using the Apache::Session::File session store.
**Recommendations**
For versions 3.8.x through 3.8.16, update to version 3.8.17 or later.
For versions 4.0.x through 4.0.12, update to version 4.0.13 or later.