CVE-2009-3585

Name: CVE-2009-3585
Description: Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverages a second web server within the same domain.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-1944-1
NVD severity: medium (attack range: remote)

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| request-tracker3.4 | source | (unstable) | (unfixed) | medium | | |
| request-tracker3.4 | source | etch | 3.4.5-2+etch1 | medium | DSA-1944-1 | |
| request-tracker3.6 | source | (unstable) | 3.6.9-2 | low | | |
| request-tracker3.6 | source | etch | 3.6.1-4+etch1 | medium | DSA-1944-1 | |
| request-tracker3.6 | source | lenny | 3.6.7-5+lenny3 | medium | DSA-1944-1 | |
