CVE-2013-3373
published 2013-08-23CVE-2013-3373: CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and…
PriorityP427medium5CVSS 2.0
AVNACLAuNCNIPAN
EPSS
2.43%
82.2th percentile
CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header.
Affected
31 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
osv5.0MEDIUM
vendor_debian5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-22c6-pmf5-543m: CRLF injection vulnerability in Request Tracker (RT) 3
ghsa_unreviewed·2022-05-17
CVE-2013-3373 [MEDIUM] CWE-94 GHSA-22c6-pmf5-543m: CRLF injection vulnerability in Request Tracker (RT) 3
CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header.
OSV
CVE-2013-3373: CRLF injection vulnerability in Request Tracker (RT) 3
osv·2013-08-23·CVSS 5.0
CVE-2013-3373 [MEDIUM] CVE-2013-3373: CRLF injection vulnerability in Request Tracker (RT) 3
CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header.
Debian
CVE-2013-3373: request-tracker4 - CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0...
vendor_debian·2013·CVSS 5.0
CVE-2013-3373 [MEDIUM] CVE-2013-3373: request-tracker4 - CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0...
CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header.
Scope: local
bookworm: resolved (fixed in 4.0.12-2)
bullseye: resolved (fixed in 4.0.12-2)
sid: resolved (fixed in 4.0.12-2)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.htmlhttp://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.htmlhttp://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.htmlhttp://secunia.com/advisories/53505http://secunia.com/advisories/53522http://www.debian.org/security/2012/dsa-2670http://www.osvdb.org/93606http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.htmlhttp://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.htmlhttp://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.htmlhttp://secunia.com/advisories/53505http://secunia.com/advisories/53522http://www.debian.org/security/2012/dsa-2670http://www.osvdb.org/93606
2013-08-23
Published