CVE-2011-1688 Information
Description
Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10 3.8.0 through 3.8.9 and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request.
Reference
http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000187.html http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000188.html http://lists.bestpractical.com/pipermail/rt-announce/2011-April/000189.html http://secunia.com/advisories/44189 http://www.debian.org/security/2011/dsa-2220 http://www.securityfocus.com/bid/47383 http://www.vupen.com/english/advisories/2011/1071 https://bugzilla.redhat.com/show_bug.cgi?id=696795 https://exchange.xforce.ibmcloud.com/vulnerabilities/66795
Share on: