NVD

Id
7997  
Name
CVE-2011-1007  
Description
Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout.  
Reject
 
CVSS Version
2  
CVSS Score
2.1  
Severity
Low  
CVSS Base Score
2.1  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-07  
Published
2011-02-28  
Modified Date
2011-03-10  
Seq
2011-1007  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
45461 7997 CVE-2011-1007 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614575  View
45462 7997 CVE-2011-1007 http://issues.bestpractical.com/Ticket/Display.html?id=15804  View
45463 7997 CVE-2011-1007 [rt-announce] 20110216 RT 3.8.9 Released  View
45464 7997 CVE-2011-1007 [oss-security] 20110222 Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition  View
45465 7997 CVE-2011-1007 [oss-security] 20110222 Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition  View
45466 7997 CVE-2011-1007 [oss-security] 20110222 CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition  View
45467 7997 CVE-2011-1007 [oss-security] 20110223 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition  View
45468 7997 CVE-2011-1007 [oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition  View
45469 7997 CVE-2011-1007 [oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition  View
45470 7997 CVE-2011-1007 [oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition  View
45471 7997 CVE-2011-1007 ADV-2011-0475  View
45472 7997 CVE-2011-1007 rt-login-information-disclosure(65771)  View
45473 7997 CVE-2011-1007 https://github.com/bestpractical/rt/commit/057552287159e801535e59b8fbd5bd98d1322069  View
45474 7997 CVE-2011-1007 https://github.com/bestpractical/rt/commit/917c211820590950f7eb0521f7f43b31aeed44c4  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
34050 JVNDB-2011-004292 Best Practical Solutions RT における資格情報を取得される脆弱性 Best Practical Solutions RT には、ログインにおいて特定のリダイレクト操作を実行しないため、資格情報を取得される脆弱性が存在します。 CVE-2011-1007 48914 CVE-2011-1007 7997 2.1 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-004292.html 2011-02-28 2012-03-27 View