CVE-2011-1690 - Credentials Management vulnerability in Bestpractical RT

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
Tags: network, bestpractical, CWE-255, nessus

Summary

Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8.8 allows remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors.

Common Weakness Enumeration (CWE)

CWE-255 (Credentials Management)

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-2220.NASL
    description: Several vulnerabilities were discovered in Request Tracker, an issue tracking system.
      - CVE-2011-1685: If the external custom field feature is enabled, Request Tracker allows authenticated users to execute arbitrary code with the permissions of the web server, possibly triggered by a cross-site request forgery attack. (External custom fields are disabled by default.)
      - CVE-2011-1686: Multiple SQL injection attacks allow authenticated users to obtain data from the database in an unauthorized way.
      - CVE-2011-1687: An information leak allows an authenticated privileged user to obtain sensitive information, such as encrypted passwords, via the search interface.
      - CVE-2011-1688: When running under certain web servers (such as Lighttpd), Request Tracker is vulnerable to a directory traversal attack, allowing attackers to read any files accessible to the web server. Request Tracker instances running under Apache or Nginx are not affected.
      - CVE-2011-1689: Request Tracker contains multiple cross-site scripting vulnerabilities.
      - CVE-2011-1690: Request Tracker enables attackers to redirect authentication credentials supplied by legitimate users to third-party servers.
    last seen: 2020-03-17
    modified: 2011-04-20
    plugin id: 53495
    published: 2011-04-20
    reporter: This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/53495
    title: Debian DSA-2220-1 : request-tracker3.6, request-tracker3.8 - several vulnerabilities
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_BF17150968DD11E0AFE60003BA02BF30.NASL
    description: Best Practical reports : In the process of preparing the release of RT 4.0.0, we performed an extensive security audit of RT
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 53470
    published: 2011-04-18
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/53470
    title: FreeBSD : rt -- multiple vulnerabilities (bf171509-68dd-11e0-afe6-0003ba02bf30)