CVE-2014-9472Request-tracker4 vulnerability

CWE-3996 documents5 sources
Severity
7.1HIGHNVD
EPSS
0.9%
top 24.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Debian Request-tracker4Bestpractical Request TrackerDebian Linux+1 more
Timeline
PublishedMar 9
Latest updateMay 17

Description

The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages2 packages

debiandebian/request-tracker4< request-tracker4 4.2.8-3 (bookworm)
NVDbestpractical/request_tracker48 versions+47

Also affects: Debian Linux 7.0, Fedora 21, 22

🔴Vulnerability Details

2
GHSA
GHSA-94gc-qmgp-hh55: The email gateway in RT (aka Request Tracker) 32022-05-17
OSV
CVE-2014-9472: The email gateway in RT (aka Request Tracker) 32015-03-09

📋Vendor Advisories

1
Debian
CVE-2014-9472: request-tracker4 - The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 an...2014

💬Community

2
Bugzilla
CVE-2014-9472 rt: denial of service flaw in email gateway2015-03-09
Bugzilla
CVE-2014-9472 rt: denial of service flaw in email gateway [fedora-21]2015-03-09
CVE-2014-9472 — Debian Request-tracker4 vulnerability | cvebase