[Bug 1200069] New: CVE-2015-1464 rt: session hijaking flaw in RSS feed handler
bugzilla at redhat.com
bugzilla at redhat.com
Mon Mar 9 15:44:11 UTC 2015
https://bugzilla.redhat.com/show_bug.cgi?id=1200069
Bug ID: 1200069
Summary: CVE-2015-1464 rt: session hijaking flaw in RSS feed
handler
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team at redhat.com
Reporter: mprpic at redhat.com
CC: perl-devel at lists.fedoraproject.org,
rc040203 at freenet.de, tibbs at math.uh.edu
A session hijaking flaw was found in Request Tracker's (RT) processed RSS feed
handler. A remote attacker could use an RSS feed URL to hijack a session of a
different user.
This flaw is fixed in 4.2.10:
https://bestpractical.com/release-notes/rt/4.2.10
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=OgkfPMAZCR&a=cc_unsubscribe
More information about the perl-devel
mailing list