{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-02-16T00:00:00", "descriptions": [{"lang": "en", "value": "Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-25T16:06:46", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/02/24/9"}, {"name": "[oss-security] 20110223 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/02/23/22"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614575"}, {"name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/02/24/7"}, {"name": "[oss-security] 20110222 Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/02/22/12"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://issues.bestpractical.com/Ticket/Display.html?id=15804"}, {"name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/02/24/8"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/bestpractical/rt/commit/917c211820590950f7eb0521f7f43b31aeed44c4"}, {"name": "43438", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43438"}, {"name": "[oss-security] 20110222 Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/02/22/16"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/bestpractical/rt/commit/057552287159e801535e59b8fbd5bd98d1322069"}, {"name": "[rt-announce] 20110216 RT 3.8.9 Released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html"}, {"name": "rt-login-information-disclosure(65771)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65771"}, {"name": "[oss-security] 20110222 CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/02/22/6"}, {"name": "ADV-2011-0475", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0475"}, {"name": "71012", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/71012"}, {"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1007", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/02/24/9"}, {"name": "[oss-security] 20110223 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/02/23/22"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614575", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614575"}, {"name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/02/24/7"}, {"name": "[oss-security] 20110222 Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/02/22/12"}, {"name": "http://issues.bestpractical.com/Ticket/Display.html?id=15804", "refsource": "CONFIRM", "url": "http://issues.bestpractical.com/Ticket/Display.html?id=15804"}, {"name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/02/24/8"}, {"name": "https://github.com/bestpractical/rt/commit/917c211820590950f7eb0521f7f43b31aeed44c4", "refsource": "CONFIRM", "url": "https://github.com/bestpractical/rt/commit/917c211820590950f7eb0521f7f43b31aeed44c4"}, {"name": "43438", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43438"}, {"name": "[oss-security] 20110222 Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/02/22/16"}, {"name": "https://github.com/bestpractical/rt/commit/057552287159e801535e59b8fbd5bd98d1322069", "refsource": "CONFIRM", "url": "https://github.com/bestpractical/rt/commit/057552287159e801535e59b8fbd5bd98d1322069"}, {"name": "[rt-announce] 20110216 RT 3.8.9 Released", "refsource": "MLIST", "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html"}, {"name": "rt-login-information-disclosure(65771)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65771"}, {"name": "[oss-security] 20110222 CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/02/22/6"}, {"name": "ADV-2011-0475", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0475"}, {"name": "71012", "refsource": "OSVDB", "url": "http://osvdb.org/71012"}, {"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:14:26.859Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/02/24/9"}, {"name": "[oss-security] 20110223 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/02/23/22"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614575"}, {"name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/02/24/7"}, {"name": "[oss-security] 20110222 Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/02/22/12"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://issues.bestpractical.com/Ticket/Display.html?id=15804"}, {"name": "[oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/02/24/8"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/bestpractical/rt/commit/917c211820590950f7eb0521f7f43b31aeed44c4"}, {"name": "43438", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43438"}, {"name": "[oss-security] 20110222 Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/02/22/16"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/bestpractical/rt/commit/057552287159e801535e59b8fbd5bd98d1322069"}, {"name": "[rt-announce] 20110216 RT 3.8.9 Released", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html"}, {"name": "rt-login-information-disclosure(65771)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65771"}, {"name": "[oss-security] 20110222 CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/02/22/6"}, {"name": "ADV-2011-0475", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0475"}, {"name": "71012", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/71012"}, {"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1007", "datePublished": "2011-02-28T15:00:00", "dateReserved": "2011-02-14T00:00:00", "dateUpdated": "2024-08-06T22:14:26.859Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bestpractical:rt:*:rc3:*:*:*:*:*:*", "matchCriteriaId": "A1369FE3-D1CC-4A6B-9D5B-796B1BAFE1AF", "versionEndIncluding": "3.8.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "798C7256-C8A7-46EA-BE0C-685620CF78AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC812A18-628E-4EFA-95C7-010694423894", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "05EFCBF0-4447-4457-92B9-587A28C2D8E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0E9A6E50-5666-48BF-8FD7-2668D8AD7344", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "915FBC54-78F1-43AC-8394-AA25BC9F88F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6F083E35-4189-45E9-A1A1-9062C88ED144", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "D6C9869E-5949-4C1E-AED7-3A8FB3C133F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FC2090D7-2796-44E9-8330-CE874E9514E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B558A64D-2E06-416C-85F5-AAFFD18096D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3A24FF7-A1B0-4998-A0F8-6E5D70901299", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F01659AA-9146-4238-9FEE-70D345D31094", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0EA74674-D04E-4458-ADF0-C733E9592B05", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8F4ACD97-35AD-4E23-83FC-E39016936EFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "DF589DDB-4348-4A55-9468-DBB5F03C82F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:2.0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C59D941-22C2-41A7-B9BA-4CBDA3E71F5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:2.0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "DB507C08-D3CC-4AC8-9BAC-EED9FD09E1D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "A50288EA-2628-47D7-9F25-EE514B9083F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "91868A78-C6C7-4C03-95B3-755816F8C663", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "F4B4383B-20C5-4620-8107-255AD3D45D2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:2.0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "09A128B7-AA70-49DD-A20E-B9BB7D23A4EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "88EFA7E0-C472-4E93-8E38-98DFCCD37EEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "6E6381E7-1C01-4239-A02F-C6DB5D775F7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "4120F4E4-E4EB-434C-9764-370102198554", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E1CA0866-CC49-4956-9493-849069B4485B", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "565B7E66-BD96-419A-8EC2-FE971BDC47A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "FAC1443B-50C8-4E98-9900-CACFEA5AD00D", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F451959A-5305-4210-977B-6B396BC0A4F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA418CF5-49D6-4E0E-A1B5-8CB23752989D", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8E238F87-8D8C-4E62-A8F0-3DB9EFDB8328", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "3FD8A7EF-5DB8-40C6-9124-A97A23B3EA02", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2AD553B8-8495-47E5-A543-4DC963B3511A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "28ADB191-4787-4FDB-B70A-F4C8BDF0F4B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "2772389A-9BCD-4B13-88C8-75BC64E40AF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B1F9D05F-C86D-40D8-A7D9-5448918B72DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "311485DA-5381-4EAD-AF58-B8C67373413A", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "2EAF6671-8C77-448B-BF29-E2CF51176CC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B55D762D-A723-435C-8D80-F7230F1648D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "4CC63EDC-541E-445D-8B72-799E4184B7EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "D5E6196E-4A90-4F64-BA99-A8E04A09D5ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "91D7CE86-3FCD-472E-BF01-31FFB36701BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "70B3F0B2-8C70-4046-AAA0-FBD344FE4DBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCD0173D-F699-4864-8856-D1792BDA0F84", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "19CC2E53-5DE8-4A31-9B8A-79335DFBAFEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "404AFC5C-20B4-41E5-ACDE-56626D68AFEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F37D1380-965B-40E0-8A20-61FEA072B8D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E101B0FE-499F-44D8-8B68-BB7FEE40D2B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "747D8CD1-EE12-48A4-A795-88BC66A8DA33", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5FDE201D-F31A-4738-B9AB-7BB11417990E", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D6ED4EC-F860-47BD-B699-551FB5DBF039", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "E3398823-1813-4D7B-9EC9-74222A240051", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "F98B7895-BDB3-477C-8B34-88BD3E02EAFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1512169D-DCEF-4964-B05A-3DF19CDE8F57", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B427F5D4-ACD6-46E5-B94F-CA30330C6492", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9B38C33-D680-4285-A849-E6CDA9F4802F", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "646CFD82-15FE-48E4-83C9-E3E037E9F928", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "57404A14-6E1C-4F3B-8120-75F1073A3E18", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "3F40ED56-CDAC-40BB-A026-5D6A09DCB72C", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "33C325D9-CB88-430F-B1AE-3544C7176398", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "F1E86D15-8435-46B9-88FF-8A51771C55E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "543C8E63-9A49-4D6A-899A-7D244D0CCC17", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "00AFB893-E37A-4E81-A984-66D677161D80", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C503726A-4AAB-4444-A204-7F53A6369919", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2B93F59-E22F-47E0-A5EA-D5716E9EAB48", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01543-2929-4ADA-BD74-ABE00BF066BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "562E9782-259B-42C6-BC3E-C452799A78FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C4D2E2C8-15E8-45E4-9DBF-6CF2BEB30576", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D117A-92C0-4884-A3E6-F6FCC8B89458", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "AED14B5B-A9DE-46A4-8996-F6DC75B5DCD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.8.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "D237F862-E8D5-4D82-9CDC-A8A84D2DE665", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.8.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B306ECCE-8095-48E7-A523-05F6B2AF686E", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6FBA787-90EE-4148-804C-F4F6021D5177", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "9035493E-C9BA-4DDE-914A-E14CB072E745", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.8.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "19E636D2-525B-4B27-A9E1-16BC0088C8AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F9040C7B-9080-4B57-885D-9275B9623E46", "vulnerable": true}, {"criteria": "cpe:2.3:a:bestpractical:rt:3.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B927C5E-EAC2-4032-905A-BBCE66693958", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout."}, {"lang": "es", "value": "Best Practical Solutions RT anterior a v3.8.9 no desarrolla ciertas redirecciones en el login, lo que permite a atacantes pr\u00f3ximos f\u00edsicamente obtener credenciales reenviando el formulario de registro a trav\u00e9s del bot\u00f3n back en un buscador web en una m\u00e1quina de trabajo no atendidad despu\u00e9s de un cierre de sesi\u00f3n RT."}], "id": "CVE-2011-1007", "lastModified": "2024-11-21T01:25:18.983", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-02-28T16:00:01.603", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614575"}, {"source": "secalert@redhat.com", "url": "http://issues.bestpractical.com/Ticket/Display.html?id=15804"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/02/22/12"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/02/22/16"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/02/22/6"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/02/23/22"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/02/24/7"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/02/24/8"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/02/24/9"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/71012"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43438"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0475"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65771"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://github.com/bestpractical/rt/commit/057552287159e801535e59b8fbd5bd98d1322069"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://github.com/bestpractical/rt/commit/917c211820590950f7eb0521f7f43b31aeed44c4"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614575"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://issues.bestpractical.com/Ticket/Display.html?id=15804"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://lists.bestpractical.com/pipermail/rt-announce/2011-February/000186.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/02/22/12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/02/22/16"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/02/22/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/02/23/22"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/02/24/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/02/24/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/02/24/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/71012"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43438"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0475"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65771"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/bestpractical/rt/commit/057552287159e801535e59b8fbd5bd98d1322069"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/bestpractical/rt/commit/917c211820590950f7eb0521f7f43b31aeed44c4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}