CVE-2013-3373
Published: 23 August 2013
CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header.
Priority
Status
Package | Release | Status |
---|---|---|
request-tracker3.8 Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Ignored
(end of life)
|
|
quantal |
Does not exist
|
|
raring |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(3.8.17)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
request-tracker4 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Not vulnerable
(4.0.13-1)
|
|
trusty |
Does not exist
(trusty was not-affected [4.0.19-1])
|
|
upstream |
Released
(4.0.13)
|
|
utopic |
Not vulnerable
(4.0.19-1)
|
|
vivid |
Not vulnerable
(4.0.19-1)
|
|
wily |
Not vulnerable
(4.0.19-1)
|
|
xenial |
Not vulnerable
(4.0.19-1)
|
|
yakkety |
Not vulnerable
(4.0.19-1)
|
|
zesty |
Not vulnerable
(4.0.19-1)
|