CVE-2012-6579

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail message to a queue's address.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html	Patch Vendor Advisory
http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bestpractical:request_tracker:3.8.3:::::::*
	cpe:2.3:a:bestpractical:request_tracker:3.8.4:::::::*
	cpe:2.3:a:bestpractical:request_tracker:3.8.7:::::::*
	cpe:2.3:a:bestpractical:request_tracker:3.8.9:::::::*
	cpe:2.3:a:bestpractical:request_tracker:3.8.10:::::::*
	cpe:2.3:a:bestpractical:request_tracker:3.8.11:::::::*
	cpe:2.3:a:bestpractical:request_tracker:3.8.12:::::::*
	cpe:2.3:a:bestpractical:request_tracker:3.8.13:::::::*
	cpe:2.3:a:bestpractical:request_tracker:3.8.14:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:bestpractical:request_tracker:4.0.0:::::::*
	cpe:2.3:a:bestpractical:request_tracker:4.0.1:::::::*
	cpe:2.3:a:bestpractical:request_tracker:4.0.2:::::::*
	cpe:2.3:a:bestpractical:request_tracker:4.0.3:::::::*
	cpe:2.3:a:bestpractical:request_tracker:4.0.4:::::::*
	cpe:2.3:a:bestpractical:request_tracker:4.0.5:::::::*
	cpe:2.3:a:bestpractical:request_tracker:4.0.6:::::::*
	cpe:2.3:a:bestpractical:request_tracker:4.0.7:::::::*

History

21 Nov 2024, 01:46

Type	Values Removed	Values Added
References	~~() http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html - Patch, Vendor Advisory~~	() http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html - Patch, Vendor Advisory

Information

Published : 2013-07-24 12:01

Updated : 2024-11-21 01:46

NVD link : CVE-2012-6579

Mitre link : CVE-2012-6579

CVE.ORG link : CVE-2012-6579

JSON object : View

Products Affected

bestpractical

request_tracker

CWE

CWE-310

Cryptographic Issues

6.4 /10