Candidate: CVE-2013-3525
PublicDate: 2013-05-10
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3525
http://blog.bestpractical.com/2013/04/on-our-security-policies.html
http://xforce.iss.net/xforce/xfdb/83375
http://packetstormsecurity.com/files/121245/RT-Request-Tracker-4.0.10-SQL-Injection.html
http://osvdb.org/92265
http://cxsecurity.com/issue/WLB-2013040083
Description:
** DISPUTED ** SQL injection vulnerability in Approvals/ in Request
Tracker (RT) 4.0.10 and earlier allows remote attackers to execute
arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor
disputes this issue, stating "We were unable to replicate it, and the
individual that reported it retracted their report," and "we had verified
that the claimed exploit did not function according to the author's
claims."
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
Patches_request-tracker3.8:
upstream_request-tracker3.8: needs-triage
lucid_request-tracker3.8: ignored (reached end-of-life)
precise_request-tracker3.8: ignored (reached end-of-life)
precise/esm_request-tracker3.8: DNE (precise was needs-triage)
quantal_request-tracker3.8: DNE
raring_request-tracker3.8: DNE
saucy_request-tracker3.8: DNE
trusty_request-tracker3.8: DNE
utopic_request-tracker3.8: DNE
vivid_request-tracker3.8: DNE
vivid/stable-phone-overlay_request-tracker3.8: DNE
vivid/ubuntu-core_request-tracker3.8: DNE
wily_request-tracker3.8: DNE
xenial_request-tracker3.8: DNE
yakkety_request-tracker3.8: DNE
zesty_request-tracker3.8: DNE
devel_request-tracker3.8: DNE
Patches_request-tracker4:
upstream_request-tracker4: released (4.0.12-1)
lucid_request-tracker4: DNE
precise_request-tracker4: ignored (reached end-of-life)
precise/esm_request-tracker4: DNE (precise was needed)
quantal_request-tracker4: ignored (reached end-of-life)
raring_request-tracker4: ignored (reached end-of-life)
saucy_request-tracker4: not-affected (4.0.13-1)
trusty_request-tracker4: not-affected (4.0.19-1)
utopic_request-tracker4: not-affected (4.0.19-1)
vivid_request-tracker4: not-affected (4.0.19-1)
vivid/stable-phone-overlay_request-tracker4: DNE
vivid/ubuntu-core_request-tracker4: DNE
wily_request-tracker4: not-affected (4.0.19-1)
xenial_request-tracker4: not-affected (4.0.19-1)
yakkety_request-tracker4: not-affected (4.0.19-1)
zesty_request-tracker4: not-affected (4.0.19-1)
devel_request-tracker4: not-affected (4.0.19-1)