CVE-2015-1464 : RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote att

RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.

Published 2015-03-09 14:59:06

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2015-1464

Fedoraproject » Fedora » Version: 21
cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 22
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
Matching versions
Bestpractical » Request Tracker
Versions up to, including, (<=) 4.0.22
cpe:2.3:a:bestpractical:request_tracker:*:*:*:*:*:*:*:*
Matching versions
Bestpractical » Request Tracker » Version: 4.2.8
cpe:2.3:a:bestpractical:request_tracker:4.2.8:*:*:*:*:*:*:*
Matching versions
Bestpractical » Request Tracker » Version: 4.2.9
cpe:2.3:a:bestpractical:request_tracker:4.2.9:*:*:*:*:*:*:*
Matching versions
Bestpractical » Request Tracker » Version: 4.2.4
cpe:2.3:a:bestpractical:request_tracker:4.2.4:*:*:*:*:*:*:*
Matching versions
Bestpractical » Request Tracker » Version: 4.2.6
cpe:2.3:a:bestpractical:request_tracker:4.2.6:*:*:*:*:*:*:*
Matching versions
Bestpractical » Request Tracker » Version: 4.2.0
cpe:2.3:a:bestpractical:request_tracker:4.2.0:*:*:*:*:*:*:*
Matching versions
Bestpractical » Request Tracker » Version: 4.2.1
cpe:2.3:a:bestpractical:request_tracker:4.2.1:*:*:*:*:*:*:*
Matching versions
Bestpractical » Request Tracker » Version: 4.2.2
cpe:2.3:a:bestpractical:request_tracker:4.2.2:*:*:*:*:*:*:*
Matching versions
Bestpractical » Request Tracker » Version: 4.2.3
cpe:2.3:a:bestpractical:request_tracker:4.2.3:*:*:*:*:*:*:*
Matching versions
Bestpractical » Request Tracker » Version: 4.2.5
cpe:2.3:a:bestpractical:request_tracker:4.2.5:*:*:*:*:*:*:*
Matching versions
Bestpractical » Request Tracker » Version: 4.2.7
cpe:2.3:a:bestpractical:request_tracker:4.2.7:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-1464

EPSS FAQ

0.35%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 57 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-1464

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:P/A:N	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2015-1464

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-1464

http://www.debian.org/security/2015/dsa-3176

Debian -- Security Information -- DSA-3176-1 request-tracker4

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154047.html

[SECURITY] Fedora 22 Update: rt-4.2.10-2.fc22

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154213.html

[SECURITY] Fedora 21 Update: rt-4.2.10-2.fc21

CVEs referencing this url
http://blog.bestpractical.com/2015/02/security-vulnerabilities-in-rt.html

Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2015-1464

Products affected by CVE-2015-1464

Exploit prediction scoring system (EPSS) score for CVE-2015-1464

CVSS scores for CVE-2015-1464

CWE ids for CVE-2015-1464

References for CVE-2015-1464