Description
Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request.
References (10)
Core References
https://exchange.xforce.ibmcloud.com/vulnerabilities/66795 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_xf)
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html (Patch; mailing-list; x_refsource_mlist)
http://www.vupen.com/english/advisories/2011/1071 (Third Party Advisory; vdb-entry; x_refsource_vupen)
https://bugzilla.redhat.com/show_bug.cgi?id=696795 (Patch; x_refsource_confirm)
http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html (Various Sources; x_refsource_confirm)
http://www.securityfocus.com/bid/47383 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid)
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html (Patch; mailing-list; x_refsource_mlist)
http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html (Patch; mailing-list; x_refsource_mlist)
http://www.debian.org/security/2011/dsa-2220 (Third Party Advisory; vendor-advisory; x_refsource_debian)
http://secunia.com/advisories/44189 (Vendor Advisory; third-party-advisory; x_refsource_secunia)
Scores
EPSS: 0.0378
EPSS Percentile: 88.6%
Details
CWE: CWE-22
Status: published
Products (33)
bestpractical/rt 3.2.0
bestpractical/rt 3.2.1
bestpractical/rt 3.2.2
bestpractical/rt 3.2.3
bestpractical/rt 3.4.0
bestpractical/rt 3.4.1
bestpractical/rt 3.4.2
bestpractical/rt 3.4.3
bestpractical/rt 3.4.4
bestpractical/rt 3.4.5
... and 23 more
Published: Apr 22, 2011
Tracked Since: Feb 18, 2026