Request Tracker 3.x < 3.8.15 / 4.x < 4.0.8 Multiple Vulnerabilities

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote web server is running a Perl application that is affected
by multiple vulnerabilities.

Description :

According to its self-reported version number, the Best Practical
Solutions Request Tracker (RT) running on the remote web server is
version 3.x prior to 3.8.15 or version 4.x prior to 4.0.8. It is,
therefore, potentially affected by the following vulnerabilities :

- Users can inject arbitrary headers into outgoing email
provided they have ModifySelf or AdminUser privileges.
A remote attacker could exploit this to gain sensitive
information or conduct phishing attacks. (CVE-2012-4730)

- Any privileged user can create articles in any class due
to the application failing to properly verify user
access rights. (CVE-2012-4731)

- A cross-site request forgery vulnerability exists that
allows a remote attacker to hijack the authentication
of users for requests that toggle ticket bookmarks.
(CVE-2012-4732)

- A warning bypass vulnerability exists that allows a
'confused deputy' attack during the handling of a
specially crafted link. (CVE-2012-4734)

- A vulnerability exists that allows an attacker to send
arbitrary arguments to the command line for the GnuPG
client (if GnuPG is enabled), which could result in the
creation of arbitrary files with the permissions of the
web server. (CVE-2012-4884)

- Multiple vulnerabilities exist related to the improper
signing or encryption of messages using GnuPG when GnuPG
is enabled. (CVE-2012-6578, CVE-2012-6579,
CVE-2012-6580, CVE-2012-6581)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
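A branch-aware version check that implements the affected ranges from the description above, added here as an illustration and not the plugin's own NASL code; the host names and reported versions are constructed samples, and the pre-release handling is an assumption.

```python
import re

# Fixed versions per major branch, as stated in the advisory: 3.x is fixed
# in 3.8.15 and 4.x in 4.0.8.  Versions are 4-tuples so that pre-release
# builds (rc/beta/alpha) sort before the final release of the same number.
FIXED = {3: (3, 8, 15, 0), 4: (4, 0, 8, 0)}

VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)\.(\d+)(?P<pre>(?:rc|beta|alpha)\d*)?$", re.I)


def parse_version(reported):
    """Turn a self-reported RT version such as '4.0.7rc2' into a comparable tuple."""
    m = VERSION_RE.match(reported.strip())
    if not m:
        raise ValueError(f"unrecognised RT version string: {reported!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    return (major, minor, patch, -1 if m.group("pre") else 0)


def is_affected(reported):
    """True when the version is 3.x before 3.8.15 or 4.x before 4.0.8.

    Major versions the advisory does not cover (e.g. 2.x) return False
    rather than guessing, which is all a version-only check can justify.
    """
    version = parse_version(reported)
    fixed = FIXED.get(version[0])
    return fixed is not None and version < fixed


def naive_string_check(reported, fixed="3.8.15"):
    """The pitfall a hand-rolled check falls into: lexical comparison."""
    return reported < fixed  # '3.8.9' < '3.8.15' is False, since '9' > '1'


def affected_hosts(banners):
    """Filter a {host: reported_version} mapping down to the affected hosts."""
    return sorted(host for host, ver in banners.items() if is_affected(ver))


if __name__ == "__main__":
    SAMPLE = {  # constructed sample data, not real hosts
        "rt-a.example": "3.8.9",
        "rt-b.example": "3.8.15",
        "rt-c.example": "4.0.7",
        "rt-d.example": "4.0.8rc1",
        "rt-e.example": "4.0.8",
    }
    print("affected:", affected_hosts(SAMPLE))
    print("naive string compare on 3.8.9:", naive_string_check("3.8.9"))
```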

See also :

http://www.nessus.org/u?2181f5d2

Solution :

Upgrade to Request Tracker 3.8.15 / 4.0.8 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true