CVE-2017-5361
NONE EPSS 68.5%
Published Jul 3, 20179y ago · Modified Jun 17, 20262w ago
Published Jul 3, 2017 9y ago
Last Modified Jun 17, 2026 2w ago
Description
Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack.
Threat Intelligence
EPSS Exploit Probability
68.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Affected Products 41
| Vendor | Product | Version | Range |
|---|---|---|---|
| bestpractical | request_tracker | 4.0.0 | any |
| bestpractical | request_tracker | 4.0.1 | any |
| bestpractical | request_tracker | 4.0.2 | any |
| bestpractical | request_tracker | 4.0.3 | any |
| bestpractical | request_tracker | 4.0.4 | any |
| bestpractical | request_tracker | 4.0.5 | any |
| bestpractical | request_tracker | 4.0.6 | any |
| bestpractical | request_tracker | 4.0.7 | any |
| bestpractical | request_tracker | 4.0.8 | any |
| bestpractical | request_tracker | 4.0.9 | any |
| bestpractical | request_tracker | 4.0.10 | any |
| bestpractical | request_tracker | 4.0.11 | any |
| bestpractical | request_tracker | 4.0.12 | any |
| bestpractical | request_tracker | 4.0.13 | any |
| bestpractical | request_tracker | 4.0.14 | any |
| bestpractical | request_tracker | 4.0.15 | any |
| bestpractical | request_tracker | 4.0.16 | any |
| bestpractical | request_tracker | 4.0.17 | any |
| bestpractical | request_tracker | 4.0.18 | any |
| bestpractical | request_tracker | 4.0.19 | any |
| bestpractical | request_tracker | 4.0.20 | any |
| bestpractical | request_tracker | 4.0.21 | any |
| bestpractical | request_tracker | 4.0.22 | any |
| bestpractical | request_tracker | 4.0.23 | any |
| bestpractical | request_tracker | 4.0.24 | any |
| bestpractical | request_tracker | 4.2.0 | any |
| bestpractical | request_tracker | 4.2.1 | any |
| bestpractical | request_tracker | 4.2.2 | any |
| bestpractical | request_tracker | 4.2.3 | any |
| bestpractical | request_tracker | 4.2.4 | any |
| bestpractical | request_tracker | 4.2.5 | any |
| bestpractical | request_tracker | 4.2.6 | any |
| bestpractical | request_tracker | 4.2.7 | any |
| bestpractical | request_tracker | 4.2.8 | any |
| bestpractical | request_tracker | 4.2.9 | any |
| bestpractical | request_tracker | 4.2.10 | any |
| bestpractical | request_tracker | 4.2.11 | any |
| bestpractical | request_tracker | 4.2.12 | any |
| bestpractical | request_tracker | 4.2.13 | any |
| bestpractical | request_tracker | 4.4.0 | any |
| bestpractical | request_tracker | 4.4.1 | any |
References 3
- debian.org http://www.debian.org/security/2017/dsa-3882
- debian.org http://www.debian.org/security/2017/dsa-3883
- forum.bestpractical.com https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.