CVE-2011-1007 — RT vulnerability

CWE-2556 documents4 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 74.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bestpractical RT

Timeline

PublishedFeb 28

Latest updateMay 13

Description

Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDbestpractical/rt3.8.9+71

Patches

Patch: bugs.debian.org ↗Patch: lists.bestpractical.com ↗Patch: openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-8935-mgx5-73v2: Best Practical Solutions RT before 3↗2022-05-13

▶

💥Exploits & PoCs

Exploit-DB

Apache Struts - Multiple Persistent Cross-Site Scripting Vulnerabilities↗2012-02-02

▶

💬Community

Bugzilla

CVE-2011-0009 CVE-2011-1008 CVE-2011-1007 rt3 various flaws [epel-6]↗2011-02-24

▶

Bugzilla

CVE-2011-1008 CVE-2011-1007 rt3 various flaws [fedora-all]↗2011-02-24

▶

Bugzilla

CVE-2011-1007 rt3: Improper management of form data resubmittion upon user log out↗2011-02-22

▶