CVE-2015-1165
Published 2015-03-09
Priority: P4 · 25 · medium · CVSS 2.0 base score 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 2.12% (79.5th percentile)
RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.
Affected
47 ranges · showing 25 (the source page lists one row per version for bestpractical / request_tracker; the version range and fixed-in columns were not extracted, so the ranges below are reconstructed from the CVE description)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bestpractical | request_tracker | 3.8.8 up to, but not including, 4.0.23 | 4.0.23 |
| bestpractical | request_tracker | 4.2.x before 4.2.10 | 4.2.10 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | MEDIUM | — |
GHSA
GHSA-8x75-79hf-2g6r · ghsa_unreviewed · 2022-05-17 · CVE-2015-1165 [MEDIUM] · CWE-200
RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.
OSV
CVE-2015-1165 · osv · 2015-03-09 · CVSS 5.0 [MEDIUM]
RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.
Debian
CVE-2015-1165 · request-tracker4 · vendor_debian · 2015 · CVSS 5.0 [MEDIUM]
RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 4.2.8-3)
bullseye: resolved (fixed in 4.2.8-3)
sid: resolved (fixed in 4.2.8-3)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-1165 rt: information disclosure flaw in RSS feed handler [fedora-21] · bugzilla · 2015-03-09 · CVSS 5.0 [MEDIUM]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
fedora-21 tracking bug for rt: see blocks bug list for f
Bugzilla
CVE-2015-1165 rt: information disclosure flaw in RSS feed handler · bugzilla · 2015-03-09 · CVSS 5.0 [MEDIUM]
An information disclosure flaw was found in Request Tracker's (RT) processed RSS feed handler. A remote attacker could use this flaw to disclose RSS feed URLs, which can potentially contain sensitive ticket data.
This flaw is fixed in 4.2.10:
https://bestpractical.com/release-notes/rt/4.2.10
Discussion:
Created rt tracking bugs for this issue:
Affects: fedora-21 [bug 1200066]
---
rt-4.2.10-2.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
---
rt-4.2.10-2.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
---
This CVE Bugzilla entry is for community support info
Bugzilla
Following HTML links on RSS preview shouldn't send feed URL as referer · bugzilla · 2015-02-10 · CVSS 5.0 [MEDIUM]
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
Build ID: 20150125221831
Steps to reproduce:
When previewing an RSS feed in Firefox (tested with 35.0.1) and the RSS items
contain HTML links, following these links results in Firefox sending the RSS
feed URL as the Referer header to the link destination.
Normally this isn't a problem.
But some private RSS feeds contain auth tokens in their URL to authenticate a
user to a private RSS feed service.
In this case the Referer header also contains the auth token, which is sent to
the link destination and can be inspected in the web server access logs.
This is some kind of sensitive information disclosure.
Something similar was discovered
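The two bug reports above describe the same failure mode from both ends: RT's RSS feed URLs carry an auth token, and when a link inside such a feed is followed the whole feed URL (token included) is sent as the Referer and ends up in the destination site's access log. The following scanner is an added example for this page, not code from Request Tracker, Mozilla or either bug report. It parses access-log lines in the common "combined" format, flags requests whose Referer is a token-bearing feed URL, and reports them with the token redacted. The feed-URL layout /NoAuth/rss/<user>/<token>/ and the sample log lines are assumptions constructed for the example; adjust FEED_PATTERN for a different product.

```python
"""Scan access logs for RSS feed URLs (with embedded auth tokens) leaking via Referer.

Added example for the CVE-2015-1165 page; it is not code from Request Tracker
or from the bug reports quoted above.

Assumptions not taken from the page:
  * log lines are in Apache/nginx "combined" format;
  * feed URLs look like /NoAuth/rss/<user>/<token>/ (assumed RT layout, used only
    to build the detector);
  * SAMPLE_LOG is constructed test data.
"""
import re
from dataclasses import dataclass

# Apache/nginx "combined" log format: ip ident user [ts] "request" status size "referer" "ua"
COMBINED_LOG = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Assumed feed URL layout: scheme://host/NoAuth/rss/<user>/<token>[/...][?query]
FEED_PATTERN = re.compile(
    r'^(?P<prefix>https?://[^/]+/NoAuth/rss/(?P<user>[^/]+)/)'
    r'(?P<token>[^/?#]+)(?P<rest>.*)$'
)


@dataclass
class Leak:
    line_no: int            # 1-based index of the log line
    client: str             # client IP that arrived carrying the feed URL
    referer_redacted: str   # feed URL with the token replaced, safe to put in a report
    feed_user: str          # RT user the feed belongs to
    token_preview: str      # first four characters of the token, for correlation only


def redact_feed_url(url: str) -> str:
    """Return the URL with the auth token replaced; non-feed URLs are returned unchanged."""
    m = FEED_PATTERN.match(url)
    if not m:
        return url
    return f"{m['prefix']}<redacted>{m['rest']}"


def find_leaks(lines):
    """Return a Leak for every parseable log line whose Referer is a token-bearing feed URL."""
    leaks = []
    for n, line in enumerate(lines, 1):
        m = COMBINED_LOG.match(line)
        if not m:            # malformed line: skip, never abort the scan
            continue
        fm = FEED_PATTERN.match(m['referer'])
        if not fm:           # Referer is "-" or an ordinary page: not a leak
            continue
        leaks.append(Leak(
            line_no=n,
            client=m['ip'],
            referer_redacted=redact_feed_url(m['referer']),
            feed_user=fm['user'],
            token_preview=fm['token'][:4] + '...',
        ))
    return leaks


# Constructed sample log (not real traffic). Line 2 models the leak from the Firefox bug:
# a reader followed a link from a private feed preview, and the feed URL became the Referer.
SAMPLE_LOG = [
    '198.51.100.4 - - [10/Feb/2015:09:12:01 +0000] "GET /blog/post HTTP/1.1" 200 5120 '
    '"https://www.example.net/" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Feb/2015:09:14:33 +0000] "GET /blog/post HTTP/1.1" 200 5120 '
    '"https://rt.example.com/NoAuth/rss/alice/8f1ae9c2b7d04e5f/?Query=Status%3D%27new%27" '
    '"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_LOG):
        print(f"line {leak.line_no}: {leak.client} carried a feed token for user "
              f"{leak.feed_user!r} (token starts {leak.token_preview}); "
              f"referer={leak.referer_redacted}")
```

Run against the constructed sample this reports exactly one leak (line 2, user alice) and silently skips the unparseable line. The report never contains the token itself, only a four-character prefix, so the output can be shared with the feed owner, who should then regenerate the feed URL; whether RT 4.2.10 changed how feed links are emitted is not stated on this page and is not assumed here.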
References
http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html
http://www.debian.org/security/2015/dsa-3176