Vulnerability Name: | CVE-2013-3737 (CCN-84964) | ||||||||
Assigned: | 2013-06-12 | ||||||||
Published: | 2013-06-12 | ||||||||
Updated: | 2015-02-10 | ||||||||
Summary: | The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13, when using the file-based session store (Apache::Session::File) and certain authentication extensions, allows remote attackers to reuse unauthorized sessions and obtain user preferences and caches via unspecified vectors. | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-200 | ||||||||
Vulnerability Consequences: | Obtain Information | ||||||||
References: | Source: MITRE Type: CNA CVE-2013-3737 Source: CCN Type: rt-announce Mailing List, Wed Jun 12 15:28:54 EDT 2013 Security vulnerability in RT::Extension::MobileUI Source: MLIST Type: Patch [rt-announce] 20130612 Security vulnerability in RT::Extension::MobileUI Source: CCN Type: CPAN Web site RT-Extension-MobileUI-1.04 Source: CCN Type: SA53799 RT::Extension::MobileUI Session Re-use and Attachment Filename Script Insertion Vulnerabilities Source: SECUNIA Type: UNKNOWN 53799 Source: OSVDB Type: UNKNOWN 94280 Source: XF Type: UNKNOWN rtextensionmobileui-cve20133737-info-disc(84964) Source: CCN Type: WhiteSource Vulnerability Database CVE-2013-3737 | ||||||||
Vulnerable Configuration: | Configuration 1:![]() | ||||||||
BACK |