CVE-2012-2770 Information

Description

The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the \URL of a RSS feed of the user.\

Reference

http://lists.bestpractical.com/pipermail/rt-announce/2012-July/000208.html http://secunia.com/advisories/50060 http://www.securityfocus.com/bid/54681 https://exchange.xforce.ibmcloud.com/vulnerabilities/77213 authenexternalauth-url-sec-bypass(77213)