Release date:
Updated on:
Affected Systems:
Bestpractical RT 4.x
Bestpractical RT 3.8.x
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 56290
CVE ID: CVE-2012-4730, CVE-2012-4732, CVE-2012-4734, CVE-2012-4735, CVE-2012-4884
Request Tracker (RT) is a battle-tested issue tracking system.
Request Tracker (RT) 3.8.15 and 4.0.8 have spoofing, security restriction bypass, cross-site request forgery, and command injection vulnerabilities. Attackers can exploit these vulnerabilities to perform administrator operations, add arbitrary email headers, execute arbitrary commands, bypass certain security restrictions, gain unauthorized access to affected applications, or delete certain data.
<* Source: Scott MacVicar *>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Bestpractical
-------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.bestpractical.com/rt/