CVE-2013-3370 Information

Description

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components which allows remote attackers to have an unspecified impact via a direct request.

Reference

http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html http://secunia.com/advisories/53505 http://secunia.com/advisories/53522 http://www.debian.org/security/2012/dsa-2670 http://www.osvdb.org/93609