CVE-2012-4884 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	5 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:N/C:N/I:P/A:N
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 47%

Vendor	Product	Version
bestpractical	rt	3.8.0
bestpractical	rt	3.8.0:preflight1
bestpractical	rt	3.8.0:rc1
bestpractical	rt	3.8.0:rc2
bestpractical	rt	3.8.0:rc3
bestpractical	rt	3.8.1
bestpractical	rt	3.8.1:preflight0
bestpractical	rt	3.8.1:rc1
bestpractical	rt	3.8.1:rc2
bestpractical	rt	3.8.1:rc3
bestpractical	rt	3.8.1:rc4
bestpractical	rt	3.8.1:rc5
bestpractical	rt	3.8.2
bestpractical	rt	3.8.2:rc1
bestpractical	rt	3.8.2:rc2
bestpractical	rt	3.8.3
bestpractical	rt	3.8.3:rc1
bestpractical	rt	3.8.3:rc2
bestpractical	rt	3.8.4
bestpractical	rt	3.8.4:rc1
bestpractical	rt	3.8.5
bestpractical	rt	3.8.6
bestpractical	rt	3.8.6:rc1
bestpractical	rt	3.8.7
bestpractical	rt	3.8.7:rc1
bestpractical	rt	3.8.8
bestpractical	rt	3.8.8:rc2
bestpractical	rt	3.8.8:rc3
bestpractical	rt	3.8.8:rc4
bestpractical	rt	3.8.9
bestpractical	rt	3.8.9:rc1
bestpractical	rt	3.8.9:rc2
bestpractical	rt	3.8.9:rc3
bestpractical	rt	3.8.10
bestpractical	rt	3.8.10:rc1
bestpractical	rt	3.8.11
bestpractical	rt	3.8.11:rc1
bestpractical	rt	3.8.11:rc2
bestpractical	rt	3.8.12
bestpractical	rt	3.8.13
bestpractical	rt	3.8.13:rc1
bestpractical	rt	3.8.13:rc2
bestpractical	rt	3.8.14
bestpractical	rt	3.8.14:rc1
bestpractical	rt	4.0.0
bestpractical	rt	4.0.0:rc1
bestpractical	rt	4.0.0:rc2
bestpractical	rt	4.0.0:rc3
bestpractical	rt	4.0.0:rc4
bestpractical	rt	4.0.0:rc5
bestpractical	rt	4.0.0:rc6
bestpractical	rt	4.0.0:rc7
bestpractical	rt	4.0.0:rc8
bestpractical	rt	4.0.1
bestpractical	rt	4.0.1:rc1
bestpractical	rt	4.0.1:rc2
bestpractical	rt	4.0.2
bestpractical	rt	4.0.2:rc1
bestpractical	rt	4.0.2:rc2
bestpractical	rt	4.0.3
bestpractical	rt	4.0.3:rc1
bestpractical	rt	4.0.3:rc2
bestpractical	rt	4.0.4
bestpractical	rt	4.0.5
bestpractical	rt	4.0.5:rc1
bestpractical	rt	4.0.6
bestpractical	rt	4.0.7
bestpractical	rt	4.0.7:rc1
bestpractical	rt	4.0.8:rc1
bestpractical	rt	4.0.8:rc2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

request-tracker4

bullseye (security)	4.4.4+dfsg-2+deb11u3 fixed
bullseye	4.4.4+dfsg-2+deb11u3 fixed
bookworm	4.4.6+dfsg-1.1+deb12u1 fixed
bookworm (security)	4.4.6+dfsg-1.1+deb12u1 fixed
sid	4.4.7+dfsg-3 fixed
trixie	4.4.7+dfsg-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

request-tracker3.8

zesty	dne
yakkety	dne
xenial	dne
wily	dne
vivid	dne
utopic	dne
trusty	dne
saucy	dne
raring	dne
quantal	dne
precise	Fixed 3.8.11-1ubuntu0.1 released
oneiric	Fixed 3.8.10-1ubuntu0.1 released
lucid	Fixed 3.8.7-1ubuntu2.3 released
hardy	dne

request-tracker4

zesty	not-affected
yakkety	not-affected
xenial	not-affected
wily	not-affected
vivid	not-affected
utopic	not-affected
trusty	dne
saucy	not-affected
raring	not-affected
quantal	ignored
precise	ignored
oneiric	ignored
lucid	dne
hardy	dne

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References

http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html

http://www.debian.org/security/2012/dsa-2567

http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html

http://www.debian.org/security/2012/dsa-2567