1. Home
  2. CVE Database
  3. CVE-2013-3373
MEDIUM · 5.0

CVE-2013-3373

CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks vi...

Vulnerability Description

CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:N
Confidentiality
NONE
Integrity
PARTIAL
Availability
NONE

Affected Products

VendorProductVersions
BestpracticalRt4.0.0

Related Weaknesses (CWE)

CWE-94

References

FAQ

What is CVE-2013-3373?

CVE-2013-3373 is a vulnerability with a CVSS score of 5.0 (MEDIUM). CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks vi...

How severe is CVE-2013-3373?

CVE-2013-3373 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-3373?

Check the references section above for vendor advisories and patch information. Affected products include: Bestpractical Rt.