This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
The remote web server is running a Perl application that is affected
by multiple vulnerabilities.
According to its self-reported version number, the Best Practical
Solutions Request Tracker (RT) running on the remote web server is
version 3.8.x prior to 3.8.17 or version 4.x prior to 4.0.13. It is,
therefore, potentially affected by the following vulnerabilities :
- A flaw exists that allows a remote, authenticated
attacker with 'ModifyTicket' privileges to gain access
to 'DeleteTicket' privileges, allowing tickets to be
deleted without proper authorization. (CVE-2012-4733)
- A flaw exists where the 'rt' command-line tool uses
predictable temporary files. This allows a local
attacker, using a symlink, to overwrite arbitrary
- An flaw exists that allows a remote, authenticated
attacker who has permissions to view the administration
pages to call arbitrary Mason components without the
control of arguments (CVE-2013-3369)
- A flaw exists where the application does not restrict
direct requests to private callback components.
- A cross-site scripting vulnerability exists related to
attachment file names that allows a remote attacker to
inject arbitrary script or HTML. (CVE-2013-3371)
- An unspecified flaw exists that allows a remote attacker
to inject multiple Content-Disposition HTTP headers and
possibly conduct cross-site scripting attacks.
- A flaw exists in the email templates that allows a
remote attacker to inject MIME headers in email
generated by the application. (CVE-2013-3373)
- An information disclosure vulnerability exists due to
the re-use of the Apache::Session::File session store.
- A flaw exists due to improper validation of URLs in
tickets when the 'MakeClicky' component is enabled,
which allows cross-site scripting attacks. Note this
flaw only affects the RT 4.x branch. (CVE-2013-5587)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
See also :
Upgrade to Request Tracker 3.8.17 / 4.0.13 or later, or apply the
patch listed in the advisory.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.0
Public Exploit Available : false
Family: CGI abuses
Nessus Plugin ID: 68996 ()
Bugtraq ID: 600836009160093600946009560096601056010662014
CVE ID: CVE-2012-4733CVE-2013-3368CVE-2013-3369CVE-2013-3370CVE-2013-3371CVE-2013-3372CVE-2013-3373CVE-2013-3374CVE-2013-5587
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.