CVE-2013-3373

Description

CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a MIME header.

How to fix CVE-2013-3373

To remediate CVE-2013-3373, upgrade the affected package to a fixed version below.

• Debian/request-tracker4—upgrade to 4.0.12-2 or later

Is CVE-2013-3373 being exploited?

Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 4.0.12-2

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-3373