[Bug 1200069] New: CVE-2015-1464 rt: session hijaking flaw in RSS feed handler

bugzilla at redhat.com bugzilla at redhat.com
Mon Mar 9 15:44:11 UTC 2015 

https://bugzilla.redhat.com/show_bug.cgi?id=1200069

            Bug ID: 1200069
           Summary: CVE-2015-1464 rt: session hijaking flaw in RSS feed
                    handler
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: high
          Priority: high
          Assignee: security-response-team at redhat.com
          Reporter: mprpic at redhat.com
                CC: perl-devel at lists.fedoraproject.org,
                    rc040203 at freenet.de, tibbs at math.uh.edu



A session hijaking flaw was found in Request Tracker's (RT) processed RSS feed
handler. A remote attacker could use an RSS feed URL to hijack a session of a
different user.

This flaw is fixed in 4.2.10:

https://bestpractical.com/release-notes/rt/4.2.10

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=OgkfPMAZCR&a=cc_unsubscribe

More information about the perl-devel mailing list