CVE-2011-1007

EUVD-2011-1024
Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
bestpracticalrt
𝑥
≤ 3.8.9
bestpracticalrt
1.0.0
bestpracticalrt
1.0.1
bestpracticalrt
1.0.2
bestpracticalrt
1.0.3
bestpracticalrt
1.0.4
bestpracticalrt
1.0.5
bestpracticalrt
1.0.6
bestpracticalrt
1.0.7
bestpracticalrt
2.0.0
bestpracticalrt
2.0.1
bestpracticalrt
2.0.2
bestpracticalrt
2.0.3
bestpracticalrt
2.0.4
bestpracticalrt
2.0.5
bestpracticalrt
2.0.5.1
bestpracticalrt
2.0.5.3
bestpracticalrt
2.0.6
bestpracticalrt
2.0.7
bestpracticalrt
2.0.8
bestpracticalrt
2.0.8.2
bestpracticalrt
2.0.9
bestpracticalrt
2.0.11
bestpracticalrt
2.0.12
bestpracticalrt
2.0.13
bestpracticalrt
2.0.14
bestpracticalrt
2.0.15
bestpracticalrt
3.0.0
bestpracticalrt
3.0.1
bestpracticalrt
3.0.2
bestpracticalrt
3.0.3
bestpracticalrt
3.0.4
bestpracticalrt
3.0.5
bestpracticalrt
3.0.6
bestpracticalrt
3.0.7
bestpracticalrt
3.0.7.1
bestpracticalrt
3.0.8
bestpracticalrt
3.0.9
bestpracticalrt
3.0.10
bestpracticalrt
3.0.11
bestpracticalrt
3.0.12
bestpracticalrt
3.2.0
bestpracticalrt
3.2.1
bestpracticalrt
3.2.2
bestpracticalrt
3.2.3
bestpracticalrt
3.4.0
bestpracticalrt
3.4.1
bestpracticalrt
3.4.2
bestpracticalrt
3.4.3
bestpracticalrt
3.4.4
bestpracticalrt
3.4.5
bestpracticalrt
3.4.6
bestpracticalrt
3.6.0
bestpracticalrt
3.6.1
bestpracticalrt
3.6.2
bestpracticalrt
3.6.3
bestpracticalrt
3.6.4
bestpracticalrt
3.6.5
bestpracticalrt
3.6.6
bestpracticalrt
3.6.7
bestpracticalrt
3.6.8
bestpracticalrt
3.6.9
bestpracticalrt
3.8.0
bestpracticalrt
3.8.1
bestpracticalrt
3.8.2
bestpracticalrt
3.8.3
bestpracticalrt
3.8.4
bestpracticalrt
3.8.5
bestpracticalrt
3.8.6
bestpracticalrt
3.8.6:rc1
bestpracticalrt
3.8.7:rc1
bestpracticalrt
3.8.8:rc2
bestpracticalrt
3.8.8:rc3
bestpracticalrt
3.8.8:rc4
bestpracticalrt
3.8.9:rc1
bestpracticalrt
3.8.9:rc2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
request-tracker3.6
dapper
dne
hardy
ignored
karmic
ignored
lucid
dne
maverick
dne
natty
dne
oneiric
dne
precise
dne
quantal
dne
raring
dne
saucy
dne
request-tracker3.8
dapper
dne
hardy
dne
karmic
ignored
lucid
ignored
maverick
ignored
natty
Fixed 3.8.10-1
released
oneiric
not-affected
precise
not-affected
quantal
dne
raring
dne
saucy
dne
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614575
http://issues.bestpractical.com/Ticket/Display.html?id=15804
http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html
http://openwall.com/lists/oss-security/2011/02/22/12
http://openwall.com/lists/oss-security/2011/02/22/16
http://openwall.com/lists/oss-security/2011/02/22/6
http://openwall.com/lists/oss-security/2011/02/23/22
http://openwall.com/lists/oss-security/2011/02/24/7
http://openwall.com/lists/oss-security/2011/02/24/8
http://openwall.com/lists/oss-security/2011/02/24/9
http://osvdb.org/71012
http://secunia.com/advisories/43438
http://www.vupen.com/english/advisories/2011/0475
https://exchange.xforce.ibmcloud.com/vulnerabilities/65771
https://github.com/bestpractical/rt/commit/057552287159e801535e59b8fbd5bd98d1322069
https://github.com/bestpractical/rt/commit/917c211820590950f7eb0521f7f43b31aeed44c4
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614575
http://issues.bestpractical.com/Ticket/Display.html?id=15804
http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html
http://openwall.com/lists/oss-security/2011/02/22/12
http://openwall.com/lists/oss-security/2011/02/22/16
http://openwall.com/lists/oss-security/2011/02/22/6
http://openwall.com/lists/oss-security/2011/02/23/22
http://openwall.com/lists/oss-security/2011/02/24/7
http://openwall.com/lists/oss-security/2011/02/24/8
http://openwall.com/lists/oss-security/2011/02/24/9
http://osvdb.org/71012
http://secunia.com/advisories/43438
http://www.vupen.com/english/advisories/2011/0475
https://exchange.xforce.ibmcloud.com/vulnerabilities/65771
https://github.com/bestpractical/rt/commit/057552287159e801535e59b8fbd5bd98d1322069
https://github.com/bestpractical/rt/commit/917c211820590950f7eb0521f7f43b31aeed44c4
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E