What is the severity of CVE-2017-5361?

CVE-2017-5361 has a medium severity due to its potential to expose sensitive user passwords through timing attacks.

How do I fix CVE-2017-5361?

The recommended fix for CVE-2017-5361 is to upgrade Request Tracker to version 4.0.25, 4.2.14, or 4.4.2 or later.

What versions are affected by CVE-2017-5361?

CVE-2017-5361 affects Request Tracker versions 4.0.x prior to 4.0.25, 4.2.x prior to 4.2.14, and 4.4.x prior to 4.4.2.

What type of attack does CVE-2017-5361 enable?

CVE-2017-5361 enables remote attackers to exploit timing side-channel vulnerabilities to obtain sensitive information.

Is CVE-2017-5361 a local or remote vulnerability?

CVE-2017-5361 is a remote vulnerability, allowing attackers to exploit it without direct access to the server.

Vulnerability/
CVE-2017-5361

medium

5.9

3/7/2017

5/8/2024

CVE-2017-5361

First published: Mon Jul 03 2017(Updated: )

Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Request Tracker	=4.0.0
Request Tracker	=4.0.1
Request Tracker	=4.0.2
Request Tracker	=4.0.3
Request Tracker	=4.0.4
Request Tracker	=4.0.5
Request Tracker	=4.0.6
Request Tracker	=4.0.7
Request Tracker	=4.0.8
Request Tracker	=4.0.9
Request Tracker	=4.0.10
Request Tracker	=4.0.11
Request Tracker	=4.0.12
Request Tracker	=4.0.13
Request Tracker	=4.0.14
Request Tracker	=4.0.15
Request Tracker	=4.0.16
Request Tracker	=4.0.17
Request Tracker	=4.0.18
Request Tracker	=4.0.19
Request Tracker	=4.0.20
Request Tracker	=4.0.21
Request Tracker	=4.0.22
Request Tracker	=4.0.23
Request Tracker	=4.0.24
Request Tracker	=4.2.0
Request Tracker	=4.2.1
Request Tracker	=4.2.2
Request Tracker	=4.2.3
Request Tracker	=4.2.4
Request Tracker	=4.2.5
Request Tracker	=4.2.6
Request Tracker	=4.2.7
Request Tracker	=4.2.8
Request Tracker	=4.2.9
Request Tracker	=4.2.10
Request Tracker	=4.2.11
Request Tracker	=4.2.12
Request Tracker	=4.2.13
Request Tracker	=4.4.0
Request Tracker	=4.4.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-5361?
CVE-2017-5361 has a medium severity due to its potential to expose sensitive user passwords through timing attacks.
How do I fix CVE-2017-5361?
The recommended fix for CVE-2017-5361 is to upgrade Request Tracker to version 4.0.25, 4.2.14, or 4.4.2 or later.
What versions are affected by CVE-2017-5361?
CVE-2017-5361 affects Request Tracker versions 4.0.x prior to 4.0.25, 4.2.x prior to 4.2.14, and 4.4.x prior to 4.4.2.
What type of attack does CVE-2017-5361 enable?
CVE-2017-5361 enables remote attackers to exploit timing side-channel vulnerabilities to obtain sensitive information.
Is CVE-2017-5361 a local or remote vulnerability?
CVE-2017-5361 is a remote vulnerability, allowing attackers to exploit it without direct access to the server.

agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/last-modified-date
agent/author
agent/first-publish-date
agent/event
agent/description
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/bestpractical
canonical/request tracker
version/request tracker/4.0.0
version/request tracker/4.0.1
version/request tracker/4.0.2
version/request tracker/4.0.3
version/request tracker/4.0.4
version/request tracker/4.0.5
version/request tracker/4.0.6
version/request tracker/4.0.7
version/request tracker/4.0.8
version/request tracker/4.0.9
version/request tracker/4.0.10
version/request tracker/4.0.11
version/request tracker/4.0.12
version/request tracker/4.0.13
version/request tracker/4.0.14
version/request tracker/4.0.15
version/request tracker/4.0.16
version/request tracker/4.0.17
version/request tracker/4.0.18
version/request tracker/4.0.19
version/request tracker/4.0.20
version/request tracker/4.0.21
version/request tracker/4.0.22
version/request tracker/4.0.23
version/request tracker/4.0.24
version/request tracker/4.2.0
version/request tracker/4.2.1
version/request tracker/4.2.2
version/request tracker/4.2.3
version/request tracker/4.2.4
version/request tracker/4.2.5
version/request tracker/4.2.6
version/request tracker/4.2.7
version/request tracker/4.2.8
version/request tracker/4.2.9
version/request tracker/4.2.10
version/request tracker/4.2.11
version/request tracker/4.2.12
version/request tracker/4.2.13
version/request tracker/4.4.0
version/request tracker/4.4.1