Candidate: CVE-2009-4151
PublicDate: 2009-12-02 16:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4151
 http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000176.html
Description:
 Session fixation vulnerability in html/Elements/SetupSessionCookie in Best
 Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows
 remote attackers to hijack web sessions by setting the session identifier
 via a manipulation that leverages "HTTP access to the RT server," a related
 issue to CVE-2009-3585.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_request-tracker3.4:
upstream_request-tracker3.4: needs-triage
dapper_request-tracker3.4: ignored (reached end-of-life)
hardy_request-tracker3.4: DNE
intrepid_request-tracker3.4: DNE
jaunty_request-tracker3.4: DNE
karmic_request-tracker3.4: DNE
lucid_request-tracker3.4: DNE
maverick_request-tracker3.4: DNE
natty_request-tracker3.4: DNE
oneiric_request-tracker3.4: DNE
precise_request-tracker3.4: DNE
quantal_request-tracker3.4: DNE
raring_request-tracker3.4: DNE
devel_request-tracker3.4: DNE

Patches_request-tracker3.6:
upstream_request-tracker3.6: needs-triage
dapper_request-tracker3.6: DNE
hardy_request-tracker3.6: pending (3.6.5-1ubuntu0.1)
intrepid_request-tracker3.6: needs-triage (reached end-of-life)
jaunty_request-tracker3.6: ignored (reached end-of-life)
karmic_request-tracker3.6: ignored (reached end-of-life)
lucid_request-tracker3.6: DNE
maverick_request-tracker3.6: DNE
natty_request-tracker3.6: DNE
oneiric_request-tracker3.6: DNE
precise_request-tracker3.6: DNE
quantal_request-tracker3.6: DNE
raring_request-tracker3.6: DNE
devel_request-tracker3.6: DNE

Patches_request-tracker3.8:
upstream_request-tracker3.8: released (3.8.7-1)
dapper_request-tracker3.8: DNE
hardy_request-tracker3.8: DNE
intrepid_request-tracker3.8: DNE
jaunty_request-tracker3.8: DNE
karmic_request-tracker3.8: ignored (reached end-of-life)
lucid_request-tracker3.8: not-affected (3.8.7-1ubuntu2)
maverick_request-tracker3.8: not-affected
natty_request-tracker3.8: not-affected
oneiric_request-tracker3.8: not-affected
precise_request-tracker3.8: not-affected
quantal_request-tracker3.8: DNE
raring_request-tracker3.8: DNE
devel_request-tracker3.8: DNE