CVE-2013-3372

N/A Unknown

Published: August 23, 2013 Modified: April 29, 2026

Description

Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html

Source: cve@mitre.org

Patch Vendor Advisory

http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html

Source: cve@mitre.org

Patch Vendor Advisory

http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html

Source: cve@mitre.org

Patch Vendor Advisory

http://secunia.com/advisories/53505

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/53522

Source: cve@mitre.org

Vendor Advisory

http://www.debian.org/security/2012/dsa-2670

Source: cve@mitre.org

http://www.osvdb.org/93607

Source: cve@mitre.org

http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html