OVAL Reference oval:org.cisecurity:def:228

CVE-2015-5475) and via the cryptography interface, allowing an attacker with a carefully-crafted key to inject JavaScript into RT's user interface. Installations which use neither GnuPG nor S/MIME are unaffected by the second cross-site scripting vulnerability."> OVAL Reference oval:org.cisecurity:def:228 - CERT Civis.Net

Oval Definition:

oval:org.cisecurity:def:228

Revision Date:	2016-02-08	Version:	2
Title:	DSA-3335-1 -- request-tracker4 -- security update
Description:	It was discovered that Request Tracker, an extensible trouble-ticket tracking system is susceptible to a cross-site scripting attack via the user and group rights management pages (CVE-2015-5475) and via the cryptography interface, allowing an attacker with a carefully-crafted key to inject JavaScript into RT's user interface. Installations which use neither GnuPG nor S/MIME are unaffected by the second cross-site scripting vulnerability.
Family:	unix	Class:	patch
Status:	ACCEPTED	Reference(s):	CVE-2015-5475 DSA-3335-1
Platform(s):	Debian 8 Debian GNU/kFreeBSD 7.0 Debian GNU/Linux 7.0	Product(s):	request-tracker4
Definition Synopsis
Debian 7 Debian 7 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed OR Debian GNU/kFreeBSD is installed AND request-tracker4 is earlier than 0:4.0.7-5+deb7u4 OR Debian 8 Debian 8 is installed AND request-tracker4 is earlier than 0:4.2.8-3+deb8u1

BACK