Test ID:	1.3.6.1.4.1.25623.1.0.71358
Category:	Debian Local Security Checks
Title:	Debian Security Advisory DSA 2480-1 (request-tracker3.8)
Summary:	The remote host is missing an update to request-tracker3.8 announced via advisory DSA 2480-1.;; This VT has been deprecated and merged into the VT 'Debian: Security Advisory (DSA-2480)' (OID: 1.3.6.1.4.1.25623.1.0.71359).
Description:	Summary: The remote host is missing an update to request-tracker3.8 announced via advisory DSA 2480-1. This VT has been deprecated and merged into the VT 'Debian: Security Advisory (DSA-2480)' (OID: 1.3.6.1.4.1.25623.1.0.71359). Vulnerability Insight: Several vulnerabilities were discovered in Request Tracker, an issue tracking system: CVE-2011-2082 The vulnerable-passwords scripts introduced for CVE-2011-0009 failed to correct the password hashes of disabled users. CVE-2011-2083 Several cross-site scripting issues have been discovered. CVE-2011-2084 Password hashes could be disclosed by privileged users. CVE-2011-2085 Several cross-site request forgery vulnerabilities have been found. If this update breaks your setup, you can restore the old behaviour by setting $RestrictReferrer to 0. CVE-2011-4458 The code to support variable envelope return paths allowed the execution of arbitrary code. CVE-2011-4459 Disabled groups were not fully accounted as disabled. CVE-2011-4460 SQL injection vulnerability, only exploitable by privileged users. For the stable distribution (squeeze), this problem has been fixed in version 3.8.8-7+squeeze2. For the unstable distribution (sid), this problem has been fixed in version 4.0.5-3. Solution: We recommend that you upgrade your request-tracker3.8 packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2082 BugTraq ID: 53660 http://www.securityfocus.com/bid/53660 http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html http://secunia.com/advisories/49259 Common Vulnerability Exposure (CVE) ID: CVE-2011-2083 Common Vulnerability Exposure (CVE) ID: CVE-2011-2084 Common Vulnerability Exposure (CVE) ID: CVE-2011-2085 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2011-4458 Common Vulnerability Exposure (CVE) ID: CVE-2011-4459 Common Vulnerability Exposure (CVE) ID: CVE-2011-4460 http://osvdb.org/82136 XForce ISS Database: rt-unspecified-sql-injection(75824) https://exchange.xforce.ibmcloud.com/vulnerabilities/75824 Common Vulnerability Exposure (CVE) ID: CVE-2011-0009 43438 http://secunia.com/advisories/43438 45959 http://www.securityfocus.com/bid/45959 70661 http://osvdb.org/70661 ADV-2011-0190 http://www.vupen.com/english/advisories/2011/0190 ADV-2011-0475 http://www.vupen.com/english/advisories/2011/0475 ADV-2011-0576 http://www.vupen.com/english/advisories/2011/0576 DSA-2150 http://www.debian.org/security/2011/dsa-2150 FEDORA-2011-1677 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054740.html [mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E [rt-announce] 20110119 Security vulnerability in RT 3.0 and up http://lists.bestpractical.com/pipermail/rt-announce/2011-January/000185.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610850 https://bugzilla.redhat.com/show_bug.cgi?id=672250
Copyright	Copyright (C) 2012 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.