CVE-2013-3374
published 2013-08-23CVE-2013-3374: Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows…
PriorityP417medium4.3CVSS 2.0
AVNACMAuNCPINAN
EPSS
1.41%
69.2th percentile
Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, related to a "limited session re-use."
Affected
31 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
| bestpractical | rt | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv4.3MEDIUM
vendor_debian4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v7q3-365h-hmpp: Unspecified vulnerability in Request Tracker (RT) 3
ghsa_unreviewed·2022-05-17
CVE-2013-3374 [MEDIUM] GHSA-v7q3-365h-hmpp: Unspecified vulnerability in Request Tracker (RT) 3
Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, related to a "limited session re-use."
OSV
CVE-2013-3374: Unspecified vulnerability in Request Tracker (RT) 3
osv·2013-08-23·CVSS 4.3
CVE-2013-3374 [MEDIUM] CVE-2013-3374: Unspecified vulnerability in Request Tracker (RT) 3
Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, related to a "limited session re-use."
Debian
CVE-2013-3374: request-tracker4 - Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x ...
vendor_debian·2013·CVSS 4.3
CVE-2013-3374 [MEDIUM] CVE-2013-3374: request-tracker4 - Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x ...
Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, related to a "limited session re-use."
Scope: local
bookworm: resolved (fixed in 4.0.12-2)
bullseye: resolved (fixed in 4.0.12-2)
sid: resolved (fixed in 4.0.12-2)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.htmlhttp://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.htmlhttp://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.htmlhttp://secunia.com/advisories/53505http://secunia.com/advisories/53522http://www.debian.org/security/2012/dsa-2670http://www.osvdb.org/93605http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.htmlhttp://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.htmlhttp://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.htmlhttp://secunia.com/advisories/53505http://secunia.com/advisories/53522http://www.debian.org/security/2012/dsa-2670http://www.osvdb.org/93605
2013-08-23
Published