CVE-2017-5943

NONE EPSS 53.2%
Published Jul 3, 2017 9y ago
Last Modified Jun 17, 2026 2w ago

Description

Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL.

Threat Intelligence

EPSS Exploit Probability
53.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-352 Cross-Site Request Forgery (CSRF) Authentication

Affected Products 41

Vendor         Product          Version  Range
bestpractical  request_tracker  4.0.0    any
bestpractical  request_tracker  4.0.1    any
bestpractical  request_tracker  4.0.2    any
bestpractical  request_tracker  4.0.3    any
bestpractical  request_tracker  4.0.4    any
bestpractical  request_tracker  4.0.5    any
bestpractical  request_tracker  4.0.6    any
bestpractical  request_tracker  4.0.7    any
bestpractical  request_tracker  4.0.8    any
bestpractical  request_tracker  4.0.9    any
bestpractical  request_tracker  4.0.10   any
bestpractical  request_tracker  4.0.11   any
bestpractical  request_tracker  4.0.12   any
bestpractical  request_tracker  4.0.13   any
bestpractical  request_tracker  4.0.14   any
bestpractical  request_tracker  4.0.15   any
bestpractical  request_tracker  4.0.16   any
bestpractical  request_tracker  4.0.17   any
bestpractical  request_tracker  4.0.18   any
bestpractical  request_tracker  4.0.19   any
bestpractical  request_tracker  4.0.20   any
bestpractical  request_tracker  4.0.21   any
bestpractical  request_tracker  4.0.22   any
bestpractical  request_tracker  4.0.23   any
bestpractical  request_tracker  4.0.24   any
bestpractical  request_tracker  4.2.0    any
bestpractical  request_tracker  4.2.1    any
bestpractical  request_tracker  4.2.2    any
bestpractical  request_tracker  4.2.3    any
bestpractical  request_tracker  4.2.4    any
bestpractical  request_tracker  4.2.5    any
bestpractical  request_tracker  4.2.6    any
bestpractical  request_tracker  4.2.7    any
bestpractical  request_tracker  4.2.8    any
bestpractical  request_tracker  4.2.9    any
bestpractical  request_tracker  4.2.10   any
bestpractical  request_tracker  4.2.11   any
bestpractical  request_tracker  4.2.12   any
bestpractical  request_tracker  4.2.13   any
bestpractical  request_tracker  4.4.0    any
bestpractical  request_tracker  4.4.1    any

References 3

  • debian.org http://www.debian.org/security/2017/dsa-3882
    Third Party Advisory
  • securityfocus.com http://www.securityfocus.com/bid/99384
    Third Party Advisory, VDB Entry
  • forum.bestpractical.com https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.