cpe:/a:bestpractical:rt:1.0.0 cpe:/a:bestpractical:rt:1.0.1 cpe:/a:bestpractical:rt:1.0.2 cpe:/a:bestpractical:rt:1.0.3 cpe:/a:bestpractical:rt:1.0.4 cpe:/a:bestpractical:rt:1.0.5 cpe:/a:bestpractical:rt:1.0.6 cpe:/a:bestpractical:rt:1.0.7 cpe:/a:bestpractical:rt:2.0.0 cpe:/a:bestpractical:rt:2.0.1 cpe:/a:bestpractical:rt:2.0.2 cpe:/a:bestpractical:rt:2.0.3 cpe:/a:bestpractical:rt:2.0.4 cpe:/a:bestpractical:rt:2.0.5 cpe:/a:bestpractical:rt:2.0.5.1 cpe:/a:bestpractical:rt:2.0.5.3 cpe:/a:bestpractical:rt:2.0.6 cpe:/a:bestpractical:rt:2.0.7 cpe:/a:bestpractical:rt:2.0.8 cpe:/a:bestpractical:rt:2.0.8.2 cpe:/a:bestpractical:rt:2.0.9 cpe:/a:bestpractical:rt:2.0.11 cpe:/a:bestpractical:rt:2.0.12 cpe:/a:bestpractical:rt:2.0.13 cpe:/a:bestpractical:rt:2.0.14 cpe:/a:bestpractical:rt:2.0.15 cpe:/a:bestpractical:rt:3.0.0 cpe:/a:bestpractical:rt:3.0.1 cpe:/a:bestpractical:rt:3.0.2 cpe:/a:bestpractical:rt:3.0.3 cpe:/a:bestpractical:rt:3.0.4 cpe:/a:bestpractical:rt:3.0.5 cpe:/a:bestpractical:rt:3.0.6 cpe:/a:bestpractical:rt:3.0.7 cpe:/a:bestpractical:rt:3.0.7.1 cpe:/a:bestpractical:rt:3.0.8 cpe:/a:bestpractical:rt:3.0.9 cpe:/a:bestpractical:rt:3.0.10 cpe:/a:bestpractical:rt:3.0.11 cpe:/a:bestpractical:rt:3.0.12 cpe:/a:bestpractical:rt:3.2.0 cpe:/a:bestpractical:rt:3.2.1 cpe:/a:bestpractical:rt:3.2.2 cpe:/a:bestpractical:rt:3.2.3 cpe:/a:bestpractical:rt:3.4.0 cpe:/a:bestpractical:rt:3.4.1 cpe:/a:bestpractical:rt:3.4.2 cpe:/a:bestpractical:rt:3.4.3 cpe:/a:bestpractical:rt:3.4.4 cpe:/a:bestpractical:rt:3.4.5 cpe:/a:bestpractical:rt:3.4.6 cpe:/a:bestpractical:rt:3.6.0 cpe:/a:bestpractical:rt:3.6.1 cpe:/a:bestpractical:rt:3.6.2 cpe:/a:bestpractical:rt:3.6.3 cpe:/a:bestpractical:rt:3.6.4 cpe:/a:bestpractical:rt:3.6.5 cpe:/a:bestpractical:rt:3.6.6 cpe:/a:bestpractical:rt:3.6.7 cpe:/a:bestpractical:rt:3.6.8 cpe:/a:bestpractical:rt:3.6.9 cpe:/a:bestpractical:rt:3.8.0 cpe:/a:bestpractical:rt:3.8.1 cpe:/a:bestpractical:rt:3.8.2 cpe:/a:bestpractical:rt:3.8.3 cpe:/a:bestpractical:rt:3.8.4 cpe:/a:bestpractical:rt:3.8.5 cpe:/a:bestpractical:rt:3.8.6 cpe:/a:bestpractical:rt:3.8.6:rc1 cpe:/a:bestpractical:rt:3.8.7:rc1 cpe:/a:bestpractical:rt:3.8.8:rc2 cpe:/a:bestpractical:rt:3.8.8:rc3 cpe:/a:bestpractical:rt:3.8.8:rc4 cpe:/a:bestpractical:rt:3.8.9:rc1 cpe:/a:bestpractical:rt:3.8.9:rc2 cpe:/a:bestpractical:rt:3.8.9:rc3 CVE-2011-1007 2011-02-28T11:00:01.603-05:00 2017-08-16T21:33:46.993-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2011-03-01T09:03:00.000-05:00 SECUNIA 43438 OSVDB 71012 VUPEN ADV-2011-0475 MLIST [oss-security] 20110222 CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition MLIST [oss-security] 20110222 Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition MLIST [oss-security] 20110223 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition MLIST [oss-security] 20110224 Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition MLIST [rt-announce] 20110216 RT 3.8.9 Released CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614575 CONFIRM http://issues.bestpractical.com/Ticket/Display.html?id=15804 CONFIRM https://github.com/bestpractical/rt/commit/057552287159e801535e59b8fbd5bd98d1322069 CONFIRM https://github.com/bestpractical/rt/commit/917c211820590950f7eb0521f7f43b31aeed44c4 XF rt-login-information-disclosure(65771) Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout.