SecuritySpace - CVE-2012-4734

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2012-4734

Description: Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to a crafted link.

Test IDs: 1.3.6.1.4.1.25623.1.0.72616 1.3.6.1.4.1.25623.1.0.72538

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2012-4734
http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html
http://osvdb.org/86709

CVE ID:	CVE-2012-4734
Description:	Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to a crafted link.
Test IDs:	1.3.6.1.4.1.25623.1.0.72616 1.3.6.1.4.1.25623.1.0.72538
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4734 http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html http://osvdb.org/86709