Lucene search
MitreCVE-2012-6578HistoryJul 24, 2013 - 12:01 p.m.
CVE-2012-6578
2013-07-2412:01:45
CWE-310
mitre
web.nvd.nist.gov
26
cve-2012-6578
best practical solutions rt
gnupg
authentication
remote attackers
spoofing
nvd
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
6.7
Confidence
Low
EPSS
0.001
Percentile
49.2%
Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a “Sign by default” queue configuration, uses a queue’s key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics.
Affected configurations
Node
bestpracticalrequest_trackerMatch3.8.3
ORbestpracticalrequest_trackerMatch3.8.4
ORbestpracticalrequest_trackerMatch3.8.7
ORbestpracticalrequest_trackerMatch3.8.9
ORbestpracticalrequest_trackerMatch3.8.10
ORbestpracticalrequest_trackerMatch3.8.11
ORbestpracticalrequest_trackerMatch3.8.12
ORbestpracticalrequest_trackerMatch3.8.13
ORbestpracticalrequest_trackerMatch3.8.14
Node
bestpracticalrequest_trackerMatch4.0.0
ORbestpracticalrequest_trackerMatch4.0.1
ORbestpracticalrequest_trackerMatch4.0.2
ORbestpracticalrequest_trackerMatch4.0.3
ORbestpracticalrequest_trackerMatch4.0.4
ORbestpracticalrequest_trackerMatch4.0.5
ORbestpracticalrequest_trackerMatch4.0.6
ORbestpracticalrequest_trackerMatch4.0.7
| Vendor | Product | Version | CPE |
|---|---|---|---|
| bestpractical | request_tracker | 3.8.3 | cpe:2.3:a:bestpractical:request_tracker:3.8.3:*:*:*:*:*:*:* |
| bestpractical | request_tracker | 3.8.4 | cpe:2.3:a:bestpractical:request_tracker:3.8.4:*:*:*:*:*:*:* |
| bestpractical | request_tracker | 3.8.7 | cpe:2.3:a:bestpractical:request_tracker:3.8.7:*:*:*:*:*:*:* |
| bestpractical | request_tracker | 3.8.9 | cpe:2.3:a:bestpractical:request_tracker:3.8.9:*:*:*:*:*:*:* |
| bestpractical | request_tracker | 3.8.10 | cpe:2.3:a:bestpractical:request_tracker:3.8.10:*:*:*:*:*:*:* |
| bestpractical | request_tracker | 3.8.11 | cpe:2.3:a:bestpractical:request_tracker:3.8.11:*:*:*:*:*:*:* |
| bestpractical | request_tracker | 3.8.12 | cpe:2.3:a:bestpractical:request_tracker:3.8.12:*:*:*:*:*:*:* |
| bestpractical | request_tracker | 3.8.13 | cpe:2.3:a:bestpractical:request_tracker:3.8.13:*:*:*:*:*:*:* |
| bestpractical | request_tracker | 3.8.14 | cpe:2.3:a:bestpractical:request_tracker:3.8.14:*:*:*:*:*:*:* |
| bestpractical | request_tracker | 4.0.0 | cpe:2.3:a:bestpractical:request_tracker:4.0.0:*:*:*:*:*:*:* |
Related
ubuntucve
ubuntucve
CVE-2012-6578
2013-07-24 00:00:00
debiancve
debiancve
CVE-2012-6578
2013-07-24 12:01:45
prion
prion
Default configuration
2013-07-24 12:01:00
nvd
nvd
CVE-2012-6578
2013-07-24 12:01:45
CVE-2012-4735
2013-07-24 12:01:44
cvelist
cvelist
CVE-2012-6578
2013-07-24 10:00:00
cve
cve
CVE-2012-4735
2013-07-24 12:01:44
nessus
nessus
Debian DSA-2567-1 : request-tracker3.8 - several vulnerabilities
2012-10-29 00:00:00
Fedora 18 : rt3-3.8.15-1.fc18 (2012-17143)
2012-11-08 00:00:00
Fedora 16 : rt3-3.8.15-1.fc16 (2012-17218)
2012-11-08 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-2567-1)
2012-10-29 00:00:00
osv
osv
request-tracker3.8 - several
2012-10-26 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
6.7
Confidence
Low
EPSS
0.001
Percentile
49.2%
Related for CVE-2012-6578