CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header.
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Rt | Bestpractical | 4.0.0 (including) | 4.0.0 (including) |
Rt | Bestpractical | 4.0.0-rc1 (including) | 4.0.0-rc1 (including) |
Rt | Bestpractical | 4.0.0-rc2 (including) | 4.0.0-rc2 (including) |
Rt | Bestpractical | 4.0.0-rc3 (including) | 4.0.0-rc3 (including) |
Rt | Bestpractical | 4.0.0-rc4 (including) | 4.0.0-rc4 (including) |
Rt | Bestpractical | 4.0.0-rc5 (including) | 4.0.0-rc5 (including) |
Rt | Bestpractical | 4.0.0-rc6 (including) | 4.0.0-rc6 (including) |
Rt | Bestpractical | 4.0.0-rc7 (including) | 4.0.0-rc7 (including) |
Rt | Bestpractical | 4.0.0-rc8 (including) | 4.0.0-rc8 (including) |
Rt | Bestpractical | 4.0.1 (including) | 4.0.1 (including) |
Rt | Bestpractical | 4.0.1-rc1 (including) | 4.0.1-rc1 (including) |
Rt | Bestpractical | 4.0.1-rc2 (including) | 4.0.1-rc2 (including) |
Rt | Bestpractical | 4.0.2 (including) | 4.0.2 (including) |
Rt | Bestpractical | 4.0.2-rc1 (including) | 4.0.2-rc1 (including) |
Rt | Bestpractical | 4.0.2-rc2 (including) | 4.0.2-rc2 (including) |
Rt | Bestpractical | 4.0.3 (including) | 4.0.3 (including) |
Rt | Bestpractical | 4.0.3-rc1 (including) | 4.0.3-rc1 (including) |
Rt | Bestpractical | 4.0.3-rc2 (including) | 4.0.3-rc2 (including) |
Rt | Bestpractical | 4.0.4 (including) | 4.0.4 (including) |
Rt | Bestpractical | 4.0.5 (including) | 4.0.5 (including) |
Rt | Bestpractical | 4.0.5-rc1 (including) | 4.0.5-rc1 (including) |
Rt | Bestpractical | 4.0.6 (including) | 4.0.6 (including) |
Rt | Bestpractical | 4.0.7 (including) | 4.0.7 (including) |
Rt | Bestpractical | 4.0.7-rc1 (including) | 4.0.7-rc1 (including) |
Rt | Bestpractical | 4.0.8 (including) | 4.0.8 (including) |
Rt | Bestpractical | 4.0.8-rc1 (including) | 4.0.8-rc1 (including) |
Rt | Bestpractical | 4.0.8-rc2 (including) | 4.0.8-rc2 (including) |
Rt | Bestpractical | 4.0.9 (including) | 4.0.9 (including) |
Rt | Bestpractical | 4.0.10 (including) | 4.0.10 (including) |
Rt | Bestpractical | 4.0.11 (including) | 4.0.11 (including) |
Rt | Bestpractical | 4.0.12 (including) | 4.0.12 (including) |
Request-tracker3.8 | Ubuntu | lucid | * |
Request-tracker3.8 | Ubuntu | precise | * |
Request-tracker3.8 | Ubuntu | upstream | * |
Request-tracker4 | Ubuntu | precise | * |
Request-tracker4 | Ubuntu | quantal | * |
Request-tracker4 | Ubuntu | raring | * |
Request-tracker4 | Ubuntu | upstream | * |