Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2011-1685
HistoryApr 22, 2011 - 10:55 a.m.

CVE-2011-1685

2011-04-2210:55:02
CWE-352
[email protected]
web.nvd.nist.gov
30
cve
2011
1685
best practical solutions
rt
3.8.0
3.8.9
4.0.0rc
4.0.0rc7
customfieldvaluessources
remote
authenticated users
arbitrary code
csrf
nvd

4.6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.5%

JSON

Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field) option is enabled, allows remote authenticated users to execute arbitrary code via unspecified vectors, as demonstrated by a cross-site request forgery (CSRF) attack.

Affected configurations

NVD
Node
bestpracticalrtMatch3.8.0
OR
bestpracticalrtMatch3.8.1
OR
bestpracticalrtMatch3.8.2
OR
bestpracticalrtMatch3.8.3
OR
bestpracticalrtMatch3.8.4
OR
bestpracticalrtMatch3.8.5
OR
bestpracticalrtMatch3.8.6
OR
bestpracticalrtMatch3.8.6rc1
OR
bestpracticalrtMatch3.8.7
OR
bestpracticalrtMatch3.8.7rc1
OR
bestpracticalrtMatch3.8.8
OR
bestpracticalrtMatch3.8.8rc2
OR
bestpracticalrtMatch3.8.8rc3
OR
bestpracticalrtMatch3.8.8rc4
OR
bestpracticalrtMatch3.8.9
OR
bestpracticalrtMatch3.8.9rc1
OR
bestpracticalrtMatch3.8.9rc2
OR
bestpracticalrtMatch3.8.9rc3
Node
bestpracticalrtMatch4.0.0rc1
OR
bestpracticalrtMatch4.0.0rc2
OR
bestpracticalrtMatch4.0.0rc3
OR
bestpracticalrtMatch4.0.0rc4
OR
bestpracticalrtMatch4.0.0rc5
OR
bestpracticalrtMatch4.0.0rc6
OR
bestpracticalrtMatch4.0.0rc7

Related

openvas 5
nvd 1
cvelist 1
prion 1
ubuntucve 1
altlinux 1
freebsd 1
nessus 2
debian 2
osv 1
securityvulns 2
openvas
openvas
RT (Request Tracker) Cross Site Request Forgery Vulnerability
2011-05-09 00:00:00
RT (Request Tracker) CSRF Vulnerability
2011-05-09 00:00:00
FreeBSD Ports: rt36
2011-05-12 00:00:00
nvd
nvd
CVE-2011-1685
2011-04-22 10:55:02
cvelist
cvelist
CVE-2011-1685
2011-04-22 10:00:00
prion
prion
Cross site request forgery (csrf)
2011-04-22 10:55:00
ubuntucve
ubuntucve
CVE-2011-1685
2011-04-22 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 6 package request-tracker version 3.8.10-alt1
2011-04-19 00:00:00
freebsd
freebsd
rt -- multiple vulnerabilities
2011-04-14 00:00:00
nessus
nessus
Debian DSA-2220-1 : request-tracker3.6, request-tracker3.8 - several vulnerabilities
2011-04-20 00:00:00
FreeBSD : rt -- multiple vulnerabilities (bf171509-68dd-11e0-afe6-0003ba02bf30)
2011-04-18 00:00:00
debian
debian
[BSA-033] Security Update for request-tracker3.8
2011-04-20 15:41:06
[SECURITY] [DSA 2220-1] Request Tracker security update
2011-04-19 18:13:04
osv
osv
request-tracker3.8 - several
2011-04-19 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2220-1] Request Tracker security update
2011-04-21 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2011-04-21 00:00:00

4.6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.5%

JSON
Related for CVE-2011-1685
openvas5nvd1cvelist1prion1ubuntucve1altlinux1freebsd1nessus2debian2osv1securityvulns2