CVE-2009-3585

Name: CVE-2009-3585
Description: Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same domain.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-1944-1

The information below is based on the following data on fixed versions.

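| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| request-tracker3.4 | source | etch | 3.4.5-2+etch1 | | DSA-1944-1 | |
| request-tracker3.4 | source | (unstable) | (unfixed) | | | |
| request-tracker3.6 | source | etch | 3.6.1-4+etch1 | | DSA-1944-1 | |
| request-tracker3.6 | source | lenny | 3.6.7-5+lenny3 | | DSA-1944-1 | |
| request-tracker3.6 | source | (unstable) | 3.6.9-2 | low | | |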
