RT 3.8.x < 3.8.17 / 4.x < 4.0.13 Multiple Vulnerabilities

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.

Synopsis :

The version of RT on the remote host is affected by multiple

Description :

According to its self-reported version number, the installation of RT
(Request Tracker) hosted on the remote web server is affected by the
following vulnerabilities :

- A flaw exists that allows users with 'ModifyTicket' to
gain access to 'DeleteTicket' privileges.

- A flaw exists where the 'rt' command-line tool uses
predictable temporary files. (CVE-2013-3368)

- An unspecified error exists when calling arbitrary
'Mason' components without the control of arguments.

- A flaw exists where the program doesn't restrict direct
requests to private callback components. (CVE-2013-3370)

- A cross-site scripting issue exists related to
attachment filenames. (CVE-2013-3371)

- An HTTP header injection issue exists related to
the 'Content-Disposition' header. (CVE-2013-3372)

- A MIME header injection issue exists related to
custom email templates in outgoing email.

- An information disclosure issue exists due to
re-use of session store. (CVE-2013-3374)

- A flaw exists related to the 'MakeClicky' component
and URLs in tickets that could allow cross-site
scripting attacks. A successful attack requires that
the 'MakeClicky' component be configured. Note this
flaw only affects the Request Tracker (RT) 4.x branch.

Note that Nessus has not tested for the issues but has instead relied
on the application's self-reported version number.

See also :


Solution :

Upgrade to RT 3.8.17 / 4.0.13 or apply the patch listed in the

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false