Vulnerability in Bestpractical Request_tracker

CVE-2012-6579

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail r…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.002 (48.3th percentile) — read the EPSS interpretation.

Affected products

Bestpractical Request_tracker — versions 3.8.3, 3.8.4, 3.8.7
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

[rt-announce] 20121025 Security vulnerabilities in RT (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch)