Test ID:	1.3.6.1.4.1.25623.1.0.902511
Category:	Web application abuses
Title:	RT (Request Tracker) Unspecified Directory Traversal Vulnerability
Summary:	Request Tracker is prone to a directory traversal vulnerability.
Description:	Summary: Request Tracker is prone to a directory traversal vulnerability. Vulnerability Insight: The flaw is caused by an unspecified input validation error and can be exploited to access and disclose files outside of RT's root directory via directory traversal attacks. Vulnerability Impact: Successful exploitation will allow attackers to access and disclose files outside of RT's root directory via directory traversal attacks. Affected Software/OS: RT (Request Tracker) versions 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7. Solution: Upgrade to RT (Request Tracker) version 3.8.10, 3.6.11 or 4.0.0rc8. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1688 BugTraq ID: 47383 http://www.securityfocus.com/bid/47383 Debian Security Information: DSA-2220 (Google Search) http://www.debian.org/security/2011/dsa-2220 http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html http://secunia.com/advisories/44189 http://www.vupen.com/english/advisories/2011/1071 XForce ISS Database: rt-unspecified-dir-traversal(66795) https://exchange.xforce.ibmcloud.com/vulnerabilities/66795
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.