CVE-2012-6579: Request-tracker4 vulnerability

CWE-310 | 4 documents | 4 sources
Severity: 6.4 MEDIUM (NVD)
EPSS: 0.2% (top 51.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 24 | Latest update May 17

Description

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail message to a queue's address.

CVSS vector

AV:N/AC:L/C:N/I:P/A:P
Exploitability: 10.0 | Impact: 4.9

Affected Packages (2 packages)

NVD: bestpractical/request_tracker (17 versions)
debian: debian/request-tracker4 < request-tracker4 4.0.7-2 (bookworm)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-f2jr-mr8q-3w6w: Best Practical Solutions RT 3 | 2022-05-17
OSV: CVE-2012-6579: Best Practical Solutions RT 3 | 2013-07-24

📋 Vendor Advisories (1)

Debian: CVE-2012-6579: request-tracker4 - Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when Gnu... | 2012