What is CVE-2015-1165?

CVE-2015-1165 is a vulnerability in Bestpractical Request_tracker, classified under Information Disclosure. Published 2015-03-09.

Is CVE-2015-1165 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Information disclosure in Bestpractical Request_tracker

CVE-2015-1165

RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.

Vulnerability class: Information Disclosure

EPSS: 0.004 (60.3th percentile) — read the EPSS interpretation.

Affected products

Bestpractical Request_tracker — versions 3.8.8, 3.8.9, 3.8.10
Debian Debian_linux — versions 7.0
Fedoraproject Fedora — versions 21, 22
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
DSA-3176 (vendor-advisory, x_refsource_DEBIAN)
FEDORA-2015-4698 (x_refsource_FEDORA, vendor-advisory)
FEDORA-2015-4666 (x_refsource_FEDORA, vendor-advisory)

Frequently asked questions

What is CVE-2015-1165?: CVE-2015-1165 is a vulnerability in Bestpractical Request_tracker, classified under Information Disclosure. Published 2015-03-09.
Is CVE-2015-1165 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.