CVE-2013-3373
Published: 23 August 2013
CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header.
Priority
Status
Package | Release | Status |
---|---|---|
request-tracker4 Launchpad, Ubuntu, Debian |
vivid |
Not vulnerable
(4.0.19-1)
|
lucid |
Does not exist
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Not vulnerable
(4.0.13-1)
|
|
trusty |
Does not exist
(trusty was not-affected [4.0.19-1])
|
|
upstream |
Released
(4.0.13)
|
|
utopic |
Not vulnerable
(4.0.19-1)
|
|
wily |
Not vulnerable
(4.0.19-1)
|
|
xenial |
Not vulnerable
(4.0.19-1)
|
|
yakkety |
Not vulnerable
(4.0.19-1)
|
|
zesty |
Not vulnerable
(4.0.19-1)
|
|
request-tracker3.8 Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Ignored
(end of life)
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(3.8.17)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|