CVE-2015-1464
NONE EPSS 78.2%
Published Mar 9, 2015 11y ago
Last Modified Jun 17, 2026 2w ago
Description
RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.
Threat Intelligence
EPSS Exploit Probability
78.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-284
Affected Products 13
| Vendor | Product | Version | Range |
|---|---|---|---|
| fedoraproject | fedora | 21 | any |
| fedoraproject | fedora | 22 | any |
| bestpractical | request_tracker | * | ≤4.0.22 |
| bestpractical | request_tracker | 4.2.0 | any |
| bestpractical | request_tracker | 4.2.1 | any |
| bestpractical | request_tracker | 4.2.2 | any |
| bestpractical | request_tracker | 4.2.3 | any |
| bestpractical | request_tracker | 4.2.4 | any |
| bestpractical | request_tracker | 4.2.5 | any |
| bestpractical | request_tracker | 4.2.6 | any |
| bestpractical | request_tracker | 4.2.7 | any |
| bestpractical | request_tracker | 4.2.8 | any |
| bestpractical | request_tracker | 4.2.9 | any |
References 4
- blog.bestpractical.com http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html
- debian.org http://www.debian.org/security/2015/dsa-3176
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.