Boletines de Vulnerabilidades

DSA-3335 request-tracker4 - security update

Información sobre el sistema
   
Software afectado Debian

Descripción
It was discovered that Request Tracker, an extensible trouble-tickettracking system is susceptible to a cross-site scripting attack via theuser and group rights management pages (CVE-2015-5475) and via thecryptography interface, allowing an attacker with a carefully-craftedkey to inject JavaScript into RTs user interface. Installations whichuse neither GnuPG nor S/MIME are unaffected by the second cross-sitescripting vulnerability.

More info:

https://www.debian.org/security/2015/dsa-3335

Identificadores estándar
Propiedad Valor
CVE CVE-2015-5475 and DSA-3335.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2015-08-15

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT