CVE-2015-1464

RT <4.0.23, <4.2 - Session Hijacking

Description

RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.

References (4)

Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3176
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html

Scores

EPSS 0.0199
EPSS Percentile 78.3%

Details

CWE CWE-284
Status published
Products (13)
bestpractical/request_tracker 4.2.0
bestpractical/request_tracker 4.2.1
bestpractical/request_tracker 4.2.2
bestpractical/request_tracker 4.2.3
bestpractical/request_tracker 4.2.4
bestpractical/request_tracker 4.2.5
bestpractical/request_tracker 4.2.6
bestpractical/request_tracker 4.2.7
bestpractical/request_tracker 4.2.8
bestpractical/request_tracker 4.2.9
... and 3 more
Published Mar 09, 2015
Tracked Since Feb 18, 2026