The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and caches via unspecified vectors.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-11-16T02:00:00
Updated: 2024-08-06T16:22:00.416Z
Reserved: 2013-05-31T00:00:00
Link: CVE-2013-3737
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2014-11-16T02:59:01.793
Modified: 2015-02-10T18:03:21.043
Link: CVE-2013-3737
Redhat
No data.