CVE-2013-3370
Published: 23 August 2013
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request.
Priority
Status
Package | Release | Status |
---|---|---|
request-tracker4 Launchpad, Ubuntu, Debian |
vivid |
Not vulnerable
(4.0.19-1)
|
lucid |
Does not exist
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Not vulnerable
(4.0.13-1)
|
|
trusty |
Does not exist
(trusty was not-affected [4.0.19-1])
|
|
upstream |
Released
(4.0.13)
|
|
utopic |
Not vulnerable
(4.0.19-1)
|
|
wily |
Not vulnerable
(4.0.19-1)
|
|
xenial |
Not vulnerable
(4.0.19-1)
|
|
yakkety |
Not vulnerable
(4.0.19-1)
|
|
zesty |
Not vulnerable
(4.0.19-1)
|
|
request-tracker3.8 Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Ignored
(end of life)
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(3.8.17)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|