Professional OVAL Repository
OVAL Definition Details
Id: oval:com.altx-soft.nix:def:1121
Version: 3
Class: patch
ALTXid: 35516
Language: English
Severity: NotAvailable
Title: DSA-2480-3 request-tracker3.8 - regression
Description: Several vulnerabilities were discovered in Request Tracker, an issue tracking system.
Family: unix
Platform:
Debian GNU/kFreeBSD 6.0
Debian GNU/Linux 6.0
Product: request-tracker3.8
Reference
VENDOR: DSA-2480-3
Id: DSA-2480-3
Reference: http://www.debian.org/security/dsa-2480-3
CVE: CVE-2011-2082
Id: CVE-2011-2082
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2082
Comment: The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords after accounts are re-enabled, via a brute-force attack on the database. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0009.
CVSSv2 Score: 5
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE: 255 (Credentials Management)
References:
[rt-announce] 20120522 Security vulnerabilities in RT (MLIST)
[rt-announce] 20120522 RT 4.0.6 Released - Security Release (MLIST)
[rt-announce] 20120522 RT 3.8.12 Released - Security Release (MLIST)
53660 (BID)
49259 (SECUNIA)
CVE: CVE-2011-2083
Id: CVE-2011-2083
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2083
Comment: Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSSv2 Score: 4.3
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE: 79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
References:
[rt-announce] 20120522 Security vulnerabilities in RT (MLIST)
[rt-announce] 20120522 RT 3.8.12 Released - Security Release (MLIST)
[rt-announce] 20120522 RT 4.0.6 Released - Security Release (MLIST)
53660 (BID)
49259 (SECUNIA)
CVE: CVE-2011-2084
Id: CVE-2011-2084
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2084
Comment: Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ticket correspondence history by leveraging access to a privileged account.
CVSSv2 Score: 4
Access vector: NETWORK
Access complexity: LOW
Authentication: SINGLE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE: 200 (Information Exposure)
References:
[rt-announce] 20120522 Security vulnerabilities in RT (MLIST)
[rt-announce] 20120522 RT 4.0.6 Released - Security Release (MLIST)
[rt-announce] 20120522 RT 3.8.12 Released - Security Release (MLIST)
53660 (BID)
49259 (SECUNIA)
CVE: CVE-2011-2085
Id: CVE-2011-2085
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2085
Comment: Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users.
CVSSv2 Score: 6.8
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE: 352 (Cross-Site Request Forgery (CSRF))
References:
[rt-announce] 20120522 RT 4.0.6 Released - Security Release (MLIST)
[rt-announce] 20120522 Security vulnerabilities in RT (MLIST)
[rt-announce] 20120522 RT 3.8.12 Released - Security Release (MLIST)
53660 (BID)
49259 (SECUNIA)
[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar ()
CVE: CVE-2011-4458
Id: CVE-2011-4458
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4458
Comment: Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-5092 and CVE-2011-5093.
CVSSv2 Score: 6.8
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE: 94 (Improper Control of Generation of Code ('Code Injection'))
References:
[rt-announce] 20120522 RT 3.8.12 Released - Security Release (MLIST)
[rt-announce] 20120522 Security vulnerabilities in RT (MLIST)
[rt-announce] 20120522 RT 4.0.6 Released - Security Release (MLIST)
53660 (BID)
49259 (SECUNIA)
CVE: CVE-2011-4459
Id: CVE-2011-4459
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4459
Comment: Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a group membership.
CVSSv2 Score: 3.5
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: SINGLE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
CWE: 264 (Permissions, Privileges, and Access Controls)
References:
[rt-announce] 20120522 RT 4.0.6 Released - Security Release (MLIST)
[rt-announce] 20120522 Security vulnerabilities in RT (MLIST)
[rt-announce] 20120522 RT 3.8.12 Released - Security Release (MLIST)
53660 (BID)
49259 (SECUNIA)
CVE: CVE-2011-4460
Id: CVE-2011-4460
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4460
Comment: SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account.
CVSSv2 Score: 6.5
Access vector: NETWORK
Access complexity: LOW
Authentication: SINGLE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
CVSSv2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
CWE: 89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))
References:
[rt-announce] 20120522 RT 4.0.6 Released - Security Release (MLIST)
[rt-announce] 20120522 RT 3.8.12 Released - Security Release (MLIST)
[rt-announce] 20120522 Security vulnerabilities in RT (MLIST)
82136 (OSVDB)
53660 (BID)
49259 (SECUNIA)
rt-unspecified-sql-injection(75824) (XF)
CVE: CVE-2011-0009
Id: CVE-2011-0009
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0009
Comment: Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database.
CVSSv2 Score: 4.3
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE: 310 (Cryptographic Issues)
References:
ADV-2011-0190 (VUPEN)
[rt-announce] 20110119 Security vulnerability in RT 3.0 and up (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=672250 (CONFIRM)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610850 (CONFIRM)
45959 (BID)
DSA-2150 (DEBIAN)
70661 (OSVDB)
ADV-2011-0475 (VUPEN)
43438 (SECUNIA)
ADV-2011-0576 (VUPEN)
FEDORA-2011-1677 (FEDORA)
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E (MISC)