[Bug 1200065] New: CVE-2015-1165 rt: information disclosure flaw in RSS feed handler

bugzilla at redhat.com bugzilla at redhat.com
Mon Mar 9 15:41:20 UTC 2015


https://bugzilla.redhat.com/show_bug.cgi?id=1200065

            Bug ID: 1200065
           Summary: CVE-2015-1165 rt: information disclosure flaw in RSS
                    feed handler
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team at redhat.com
          Reporter: mprpic at redhat.com
                CC: perl-devel at lists.fedoraproject.org,
                    rc040203 at freenet.de, tibbs at math.uh.edu



An information disclosure flaw was found in Request Tracker's (RT) processed
RSS feed handler. A remote attacker could use this flaw to disclose RSS feed
URLs, which can potentially contain sensitive ticket data.

This flaw is fixed in 4.2.10:

https://bestpractical.com/release-notes/rt/4.2.10

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=dSVy5FoXQF&a=cc_unsubscribe



More information about the perl-devel mailing list