What is the severity of CVE-2011-1007?

CVE-2011-1007 is considered a medium severity vulnerability due to its potential to allow credential theft on unattended workstations.

How do I fix CVE-2011-1007?

To fix CVE-2011-1007, upgrade to RT version 3.8.9 or later, which addresses the login form redirection issue.

Who is affected by CVE-2011-1007?

CVE-2011-1007 affects users of Best Practical Solutions RT versions prior to 3.8.9, including specific versions like 3.0.4 and 2.0.7.

What type of attack does CVE-2011-1007 facilitate?

CVE-2011-1007 facilitates a local attack where an attacker can exploit the absence of proper session management to retrieve login credentials.

Is a user login safe in RT versions affected by CVE-2011-1007?

User logins in affected RT versions are not safe due to the vulnerability allowing attackers to use the browser's back button to resubmit the login form.

Vulnerability/
CVE-2011-1007

low

2.1

CWE

255

28/2/2011

6/8/2024

CVE-2011-1007

First published: Mon Feb 28 2011(Updated: )

Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
Bestpractical Rt	<=3.8.9
Bestpractical Rt	=3.0.4
Bestpractical Rt	=2.0.7
Bestpractical Rt	=3.8.9-rc2
Bestpractical Rt	=3.0.8
Bestpractical Rt	=3.8.8-rc2
Bestpractical Rt	=3.8.9-rc1
Bestpractical Rt	=2.0.6
Bestpractical Rt	=3.4.5
Bestpractical Rt	=3.0.2
Bestpractical Rt	=2.0.14
Bestpractical Rt	=3.6.7
Bestpractical Rt	=3.6.2
Bestpractical Rt	=3.2.2
Bestpractical Rt	=3.6.3
Bestpractical Rt	=3.0.11
Bestpractical Rt	=3.8.2
Bestpractical Rt	=3.8.8-rc4
Bestpractical Rt	=2.0.15
Bestpractical Rt	=3.6.0
Bestpractical Rt	=2.0.5.3
Bestpractical Rt	=1.0.7
Bestpractical Rt	=1.0.1
Bestpractical Rt	=3.8.0
Bestpractical Rt	=3.4.0
Bestpractical Rt	=1.0.5
Bestpractical Rt	=2.0.8.2
Bestpractical Rt	=2.0.13
Bestpractical Rt	=3.0.10
Bestpractical Rt	=3.8.8-rc3
Bestpractical Rt	=2.0.11
Bestpractical Rt	=2.0.0
Bestpractical Rt	=2.0.1
Bestpractical Rt	=3.2.3
Bestpractical Rt	=2.0.2
Bestpractical Rt	=3.0.5
Bestpractical Rt	=3.2.0
Bestpractical Rt	=3.0.0
Bestpractical Rt	=3.4.6
Bestpractical Rt	=3.0.3
Bestpractical Rt	=3.4.3
Bestpractical Rt	=2.0.8
Bestpractical Rt	=3.6.9
Bestpractical Rt	=3.6.6
Bestpractical Rt	=2.0.5
Bestpractical Rt	=3.6.5
Bestpractical Rt	=1.0.2
Bestpractical Rt	=1.0.0
Bestpractical Rt	=3.0.1
Bestpractical Rt	=3.2.1
Bestpractical Rt	=3.8.5
Bestpractical Rt	=2.0.5.1
Bestpractical Rt	=3.4.4
Bestpractical Rt	=3.6.8
Bestpractical Rt	=1.0.4
Bestpractical Rt	=3.0.6
Bestpractical Rt	=3.8.6-rc1
Bestpractical Rt	=3.0.7
Bestpractical Rt	=3.0.7.1
Bestpractical Rt	=3.0.12
Bestpractical Rt	=3.0.9
Bestpractical Rt	=3.8.3
Bestpractical Rt	=3.6.1
Bestpractical Rt	=3.4.1
Bestpractical Rt	=3.8.6
Bestpractical Rt	=3.6.4
Bestpractical Rt	=2.0.4
Bestpractical Rt	=1.0.6
Bestpractical Rt	=3.8.1
Bestpractical Rt	=3.8.4
Bestpractical Rt	=2.0.9
Bestpractical Rt	=1.0.3
Bestpractical Rt	=2.0.3
Bestpractical Rt	=2.0.12
Bestpractical Rt	=3.8.7-rc1
Bestpractical Rt	=3.4.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-1007?
CVE-2011-1007 is considered a medium severity vulnerability due to its potential to allow credential theft on unattended workstations.
How do I fix CVE-2011-1007?
To fix CVE-2011-1007, upgrade to RT version 3.8.9 or later, which addresses the login form redirection issue.
Who is affected by CVE-2011-1007?
CVE-2011-1007 affects users of Best Practical Solutions RT versions prior to 3.8.9, including specific versions like 3.0.4 and 2.0.7.
What type of attack does CVE-2011-1007 facilitate?
CVE-2011-1007 facilitates a local attack where an attacker can exploit the absence of proper session management to retrieve login credentials.
Is a user login safe in RT versions affected by CVE-2011-1007?
User logins in affected RT versions are not safe due to the vulnerability allowing attackers to use the browser's back button to resubmit the login form.

collector/nvd-historical
collector/nvd-index
collector/nvd-api
agent/references
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/remedy
agent/last-modified-date
agent/description
agent/tags
agent/event
agent/first-publish-date
agent/source
vendor/bestpractical
canonical/bestpractical rt
version/bestpractical rt/3.8.9
version/bestpractical rt/3.0.4
version/bestpractical rt/2.0.7
version/bestpractical rt/3.8.9-rc2
version/bestpractical rt/3.0.8
version/bestpractical rt/3.8.8-rc2
version/bestpractical rt/3.8.9-rc1
version/bestpractical rt/2.0.6
version/bestpractical rt/3.4.5
version/bestpractical rt/3.0.2
version/bestpractical rt/2.0.14
version/bestpractical rt/3.6.7
version/bestpractical rt/3.6.2
version/bestpractical rt/3.2.2
version/bestpractical rt/3.6.3
version/bestpractical rt/3.0.11
version/bestpractical rt/3.8.2
version/bestpractical rt/3.8.8-rc4
version/bestpractical rt/2.0.15
version/bestpractical rt/3.6.0
version/bestpractical rt/2.0.5.3
version/bestpractical rt/1.0.7
version/bestpractical rt/1.0.1
version/bestpractical rt/3.8.0
version/bestpractical rt/3.4.0
version/bestpractical rt/1.0.5
version/bestpractical rt/2.0.8.2
version/bestpractical rt/2.0.13
version/bestpractical rt/3.0.10
version/bestpractical rt/3.8.8-rc3
version/bestpractical rt/2.0.11
version/bestpractical rt/2.0.0
version/bestpractical rt/2.0.1
version/bestpractical rt/3.2.3
version/bestpractical rt/2.0.2
version/bestpractical rt/3.0.5
version/bestpractical rt/3.2.0
version/bestpractical rt/3.0.0
version/bestpractical rt/3.4.6
version/bestpractical rt/3.0.3
version/bestpractical rt/3.4.3
version/bestpractical rt/2.0.8
version/bestpractical rt/3.6.9
version/bestpractical rt/3.6.6
version/bestpractical rt/2.0.5
version/bestpractical rt/3.6.5
version/bestpractical rt/1.0.2
version/bestpractical rt/1.0.0
version/bestpractical rt/3.0.1
version/bestpractical rt/3.2.1
version/bestpractical rt/3.8.5
version/bestpractical rt/2.0.5.1
version/bestpractical rt/3.4.4
version/bestpractical rt/3.6.8
version/bestpractical rt/1.0.4
version/bestpractical rt/3.0.6
version/bestpractical rt/3.8.6-rc1
version/bestpractical rt/3.0.7
version/bestpractical rt/3.0.7.1
version/bestpractical rt/3.0.12
version/bestpractical rt/3.0.9
version/bestpractical rt/3.8.3
version/bestpractical rt/3.6.1
version/bestpractical rt/3.4.1
version/bestpractical rt/3.8.6
version/bestpractical rt/3.6.4
version/bestpractical rt/2.0.4
version/bestpractical rt/1.0.6
version/bestpractical rt/3.8.1
version/bestpractical rt/3.8.4
version/bestpractical rt/2.0.9
version/bestpractical rt/1.0.3
version/bestpractical rt/2.0.3
version/bestpractical rt/2.0.12
version/bestpractical rt/3.8.7-rc1
version/bestpractical rt/3.4.2

CVE-2011-1007

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-1007?

How do I fix CVE-2011-1007?

Who is affected by CVE-2011-1007?

What type of attack does CVE-2011-1007 facilitate?

Is a user login safe in RT versions affected by CVE-2011-1007?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2011-1007?

How do I fix CVE-2011-1007?

Who is affected by CVE-2011-1007?

What type of attack does CVE-2011-1007 facilitate?

Is a user login safe in RT versions affected by CVE-2011-1007?