CVE-2009-3585

Name of the Vulnerable Software and Affected Versions Best Practical Solutions RT versions 3.0.0 through 3.6.9 Best Practical Solutions RT versions 3.8.x through 3.8.5 rt3.4-clients (affected versions not specified) rt3.6-apache2 (affected versions not specified) rt3.6-db-mysql (affected versions not specified) rt3.4-apache (affected versions not specified) rt3.6-db-postgresql (affected versions not specified) rt3.6-apache (affected versions not specified) rt3.6-db-sqlite (affected versions not specified) rt3.6-clients (affected versions not specified) rt3.4-apache2 (affected versions not specified)

Description The issue involves multiple vulnerabilities in the mentioned software packages, which can lead to the disruption of confidentiality and integrity of protected information. These vulnerabilities can be exploited remotely. A session fixation vulnerability in the html/Elements/SetupSessionCookie component of Best Practical Solutions RT allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same domain.

Recommendations For Best Practical Solutions RT versions 3.0.0 through 3.6.9, update to a version outside of this range to mitigate the risk. For Best Practical Solutions RT versions 3.8.x through 3.8.5, update to a version outside of this range to mitigate the risk. For rt3.4-clients, rt3.6-apache2, rt3.6-db-mysql, rt3.4-apache, rt3.6-db-postgresql, rt3.6-apache, rt3.6-db-sqlite, rt3.6-clients, and rt3.4-apache2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.