What is the severity of CVE-2011-1688?

CVE-2011-1688 has a severity rating that indicates it allows remote attackers to exploit a directory traversal vulnerability.

How do I fix CVE-2011-1688?

To fix CVE-2011-1688, you should upgrade to a version of Best Practical Solutions RT that is not affected by this vulnerability.

What versions of RT are affected by CVE-2011-1688?

CVE-2011-1688 affects Best Practical Solutions RT versions from 3.2.0 through 3.6.10 and 3.8.0 through 3.8.9 as well as certain release candidates of version 4.0.0.

What type of attacks does CVE-2011-1688 enable?

CVE-2011-1688 enables directory traversal attacks, allowing attackers to read arbitrary files on the server.

Is there a workaround for CVE-2011-1688 if I cannot upgrade RT?

While an official workaround is not provided, restricting external access to the affected RT instances may mitigate some risks associated with CVE-2011-1688.

Vulnerability/
CVE-2011-1688

medium

4.3

CWE

22/4/2011

6/8/2024

CVE-2011-1688: Path Traversal

First published: Fri Apr 22 2011(Updated: )

Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Best Practical Solutions Request Tracker	=3.4.5
Best Practical Solutions Request Tracker	=3.6.7
Best Practical Solutions Request Tracker	=3.6.2
Best Practical Solutions Request Tracker	=3.2.2
Best Practical Solutions Request Tracker	=3.6.3
Best Practical Solutions Request Tracker	=3.6.0
Best Practical Solutions Request Tracker	=3.4.0
Best Practical Solutions Request Tracker	=3.6.10
Best Practical Solutions Request Tracker	=3.2.3
Best Practical Solutions Request Tracker	=3.2.0
Best Practical Solutions Request Tracker	=3.4.6
Best Practical Solutions Request Tracker	=3.4.3
Best Practical Solutions Request Tracker	=3.6.9
Best Practical Solutions Request Tracker	=3.6.6
Best Practical Solutions Request Tracker	=3.6.5
Best Practical Solutions Request Tracker	=3.2.1
Best Practical Solutions Request Tracker	=3.4.4
Best Practical Solutions Request Tracker	=3.6.8
Best Practical Solutions Request Tracker	=3.6.1
Best Practical Solutions Request Tracker	=3.4.1
Best Practical Solutions Request Tracker	=3.6.4
Best Practical Solutions Request Tracker	=3.4.2
Best Practical Solutions Request Tracker	=3.8.7
Best Practical Solutions Request Tracker	=3.8.9-rc2
Best Practical Solutions Request Tracker	=3.8.8-rc2
Best Practical Solutions Request Tracker	=3.8.9-rc1
Best Practical Solutions Request Tracker	=3.8.2
Best Practical Solutions Request Tracker	=3.8.8-rc4
Best Practical Solutions Request Tracker	=3.8.0
Best Practical Solutions Request Tracker	=3.8.9
Best Practical Solutions Request Tracker	=3.8.8-rc3
Best Practical Solutions Request Tracker	=3.8.9-rc3
Best Practical Solutions Request Tracker	=3.8.5
Best Practical Solutions Request Tracker	=3.8.6-rc1
Best Practical Solutions Request Tracker	=3.8.8
Best Practical Solutions Request Tracker	=3.8.3
Best Practical Solutions Request Tracker	=3.8.6
Best Practical Solutions Request Tracker	=3.8.1
Best Practical Solutions Request Tracker	=3.8.4
Best Practical Solutions Request Tracker	=3.8.7-rc1
Best Practical Solutions Request Tracker	=4.0.0-rc4
Best Practical Solutions Request Tracker	=4.0.0-rc7
Best Practical Solutions Request Tracker	=4.0.0-rc3
Best Practical Solutions Request Tracker	=4.0.0-rc6
Best Practical Solutions Request Tracker	=4.0.0-rc5
Best Practical Solutions Request Tracker	=4.0.0-rc2
Best Practical Solutions Request Tracker	=4.0.0-rc1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-1688?
CVE-2011-1688 has a severity rating that indicates it allows remote attackers to exploit a directory traversal vulnerability.
How do I fix CVE-2011-1688?
To fix CVE-2011-1688, you should upgrade to a version of Best Practical Solutions RT that is not affected by this vulnerability.
What versions of RT are affected by CVE-2011-1688?
CVE-2011-1688 affects Best Practical Solutions RT versions from 3.2.0 through 3.6.10 and 3.8.0 through 3.8.9 as well as certain release candidates of version 4.0.0.
What type of attacks does CVE-2011-1688 enable?
CVE-2011-1688 enables directory traversal attacks, allowing attackers to read arbitrary files on the server.
Is there a workaround for CVE-2011-1688 if I cannot upgrade RT?
While an official workaround is not provided, restricting external access to the affected RT instances may mitigate some risks associated with CVE-2011-1688.

agent/references
agent/type
agent/softwarecombine
agent/remedy
collector/mitre-cve
source/MITRE
agent/weakness
agent/author
agent/last-modified-date
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/bestpractical
canonical/best practical solutions request tracker
version/best practical solutions request tracker/3.4.5
version/best practical solutions request tracker/3.6.7
version/best practical solutions request tracker/3.6.2
version/best practical solutions request tracker/3.2.2
version/best practical solutions request tracker/3.6.3
version/best practical solutions request tracker/3.6.0
version/best practical solutions request tracker/3.4.0
version/best practical solutions request tracker/3.6.10
version/best practical solutions request tracker/3.2.3
version/best practical solutions request tracker/3.2.0
version/best practical solutions request tracker/3.4.6
version/best practical solutions request tracker/3.4.3
version/best practical solutions request tracker/3.6.9
version/best practical solutions request tracker/3.6.6
version/best practical solutions request tracker/3.6.5
version/best practical solutions request tracker/3.2.1
version/best practical solutions request tracker/3.4.4
version/best practical solutions request tracker/3.6.8
version/best practical solutions request tracker/3.6.1
version/best practical solutions request tracker/3.4.1
version/best practical solutions request tracker/3.6.4
version/best practical solutions request tracker/3.4.2
version/best practical solutions request tracker/3.8.7
version/best practical solutions request tracker/3.8.9-rc2
version/best practical solutions request tracker/3.8.8-rc2
version/best practical solutions request tracker/3.8.9-rc1
version/best practical solutions request tracker/3.8.2
version/best practical solutions request tracker/3.8.8-rc4
version/best practical solutions request tracker/3.8.0
version/best practical solutions request tracker/3.8.9
version/best practical solutions request tracker/3.8.8-rc3
version/best practical solutions request tracker/3.8.9-rc3
version/best practical solutions request tracker/3.8.5
version/best practical solutions request tracker/3.8.6-rc1
version/best practical solutions request tracker/3.8.8
version/best practical solutions request tracker/3.8.3
version/best practical solutions request tracker/3.8.6
version/best practical solutions request tracker/3.8.1
version/best practical solutions request tracker/3.8.4
version/best practical solutions request tracker/3.8.7-rc1
version/best practical solutions request tracker/4.0.0-rc4
version/best practical solutions request tracker/4.0.0-rc7
version/best practical solutions request tracker/4.0.0-rc3
version/best practical solutions request tracker/4.0.0-rc6
version/best practical solutions request tracker/4.0.0-rc5
version/best practical solutions request tracker/4.0.0-rc2
version/best practical solutions request tracker/4.0.0-rc1

CVE-2011-1688: Path Traversal

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-1688?

How do I fix CVE-2011-1688?

What versions of RT are affected by CVE-2011-1688?

What type of attacks does CVE-2011-1688 enable?

Is there a workaround for CVE-2011-1688 if I cannot upgrade RT?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2011-1688?

How do I fix CVE-2011-1688?

What versions of RT are affected by CVE-2011-1688?

What type of attacks does CVE-2011-1688 enable?

Is there a workaround for CVE-2011-1688 if I cannot upgrade RT?