
Test ID: 1.3.6.1.4.1.25623.1.0.811527
Category: Web Servers
Title: Request Tracker Multiple Vulnerabilities
Summary: Request Tracker is prone to multiple vulnerabilities.
Description:

Vulnerability Insight:
Multiple flaws are due to:

- Not using a constant-time comparison algorithm for secrets.

- Failure to properly validate HTTP requests.

- Multiple input validation errors.

Vulnerability Impact:
Successful exploitation will allow remote
attackers to execute arbitrary code in the context of the affected application,
perform certain unauthorized actions, gain access to the affected application and
obtain sensitive user password information. Failed exploits will result in
denial-of-service conditions. Other attacks are also possible.

Affected Software/OS:
Request Tracker 4.x before 4.0.25, 4.2.x
before 4.2.14, and 4.4.x before 4.4.2

Solution:
Upgrade to Request Tracker version 4.0.25 or
4.2.14 or 4.4.2 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2017-5944
BugTraq ID: 99381
http://www.securityfocus.com/bid/99381
Debian Security Information: DSA-3882
http://www.debian.org/security/2017/dsa-3882
Common Vulnerability Exposure (CVE) ID: CVE-2016-6127
BugTraq ID: 99375
http://www.securityfocus.com/bid/99375
Common Vulnerability Exposure (CVE) ID: CVE-2017-5943
BugTraq ID: 99384
http://www.securityfocus.com/bid/99384
Copyright: Copyright (C) 2017 Greenbone AG
