
Test ID: 1.3.6.1.4.1.25623.1.0.811527
Category: Web Servers
Title: Request Tracker Multiple Vulnerabilities
Summary: Request Tracker is prone to multiple vulnerabilities.
Description:
Summary:
Request Tracker is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- Not using a constant-time comparison algorithm for secrets.

- It fails to properly validate HTTP requests.

- Multiple input validation errors.

Vulnerability Impact:
Successful exploitation will allow remote attackers to execute arbitrary code
in the context of the affected application, perform certain unauthorized
actions, gain access to the affected application and obtain sensitive user
password information. Failed exploits will result in denial-of-service
conditions. Other attacks are also possible.

Affected Software/OS:
Request Tracker 4.x before 4.0.25, 4.2.x
before 4.2.14, and 4.4.x before 4.4.2

Solution:
Upgrade to Request Tracker version 4.0.25 or
4.2.14 or 4.4.2 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2017-5944
BugTraq ID: 99381
http://www.securityfocus.com/bid/99381
Debian Security Information: DSA-3882
http://www.debian.org/security/2017/dsa-3882
Common Vulnerability Exposure (CVE) ID: CVE-2016-6127
BugTraq ID: 99375
http://www.securityfocus.com/bid/99375
Common Vulnerability Exposure (CVE) ID: CVE-2017-5943
BugTraq ID: 99384
http://www.securityfocus.com/bid/99384
Copyright: Copyright (C) 2017 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.