First published: Fri Apr 22 2011
Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allows remote attackers to read arbitrary files via a crafted HTTP request.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Best Practical Solutions Request Tracker | =3.4.5 | |
Best Practical Solutions Request Tracker | =3.6.7 | |
Best Practical Solutions Request Tracker | =3.6.2 | |
Best Practical Solutions Request Tracker | =3.2.2 | |
Best Practical Solutions Request Tracker | =3.6.3 | |
Best Practical Solutions Request Tracker | =3.6.0 | |
Best Practical Solutions Request Tracker | =3.4.0 | |
Best Practical Solutions Request Tracker | =3.6.10 | |
Best Practical Solutions Request Tracker | =3.2.3 | |
Best Practical Solutions Request Tracker | =3.2.0 | |
Best Practical Solutions Request Tracker | =3.4.6 | |
Best Practical Solutions Request Tracker | =3.4.3 | |
Best Practical Solutions Request Tracker | =3.6.9 | |
Best Practical Solutions Request Tracker | =3.6.6 | |
Best Practical Solutions Request Tracker | =3.6.5 | |
Best Practical Solutions Request Tracker | =3.2.1 | |
Best Practical Solutions Request Tracker | =3.4.4 | |
Best Practical Solutions Request Tracker | =3.6.8 | |
Best Practical Solutions Request Tracker | =3.6.1 | |
Best Practical Solutions Request Tracker | =3.4.1 | |
Best Practical Solutions Request Tracker | =3.6.4 | |
Best Practical Solutions Request Tracker | =3.4.2 | |
Best Practical Solutions Request Tracker | =3.8.7 | |
Best Practical Solutions Request Tracker | =3.8.9-rc2 | |
Best Practical Solutions Request Tracker | =3.8.8-rc2 | |
Best Practical Solutions Request Tracker | =3.8.9-rc1 | |
Best Practical Solutions Request Tracker | =3.8.2 | |
Best Practical Solutions Request Tracker | =3.8.8-rc4 | |
Best Practical Solutions Request Tracker | =3.8.0 | |
Best Practical Solutions Request Tracker | =3.8.9 | |
Best Practical Solutions Request Tracker | =3.8.8-rc3 | |
Best Practical Solutions Request Tracker | =3.8.9-rc3 | |
Best Practical Solutions Request Tracker | =3.8.5 | |
Best Practical Solutions Request Tracker | =3.8.6-rc1 | |
Best Practical Solutions Request Tracker | =3.8.8 | |
Best Practical Solutions Request Tracker | =3.8.3 | |
Best Practical Solutions Request Tracker | =3.8.6 | |
Best Practical Solutions Request Tracker | =3.8.1 | |
Best Practical Solutions Request Tracker | =3.8.4 | |
Best Practical Solutions Request Tracker | =3.8.7-rc1 | |
Best Practical Solutions Request Tracker | =4.0.0-rc4 | |
Best Practical Solutions Request Tracker | =4.0.0-rc7 | |
Best Practical Solutions Request Tracker | =4.0.0-rc3 | |
Best Practical Solutions Request Tracker | =4.0.0-rc6 | |
Best Practical Solutions Request Tracker | =4.0.0-rc5 | |
Best Practical Solutions Request Tracker | =4.0.0-rc2 | |
Best Practical Solutions Request Tracker | =4.0.0-rc1 | |
CVE-2011-1688 has a severity rating that indicates it allows remote attackers to exploit a directory traversal vulnerability.
To fix CVE-2011-1688, you should upgrade to a version of Best Practical Solutions RT that is not affected by this vulnerability.
CVE-2011-1688 affects Best Practical Solutions RT versions from 3.2.0 through 3.6.10 and 3.8.0 through 3.8.9 as well as certain release candidates of version 4.0.0.
CVE-2011-1688 enables directory traversal attacks, allowing attackers to read arbitrary files on the server.
While an official workaround is not provided, restricting external access to the affected RT instances may mitigate some risks associated with CVE-2011-1688.