CVE-2014-9472
request-tracker4 - security update
EPSS 0.88%
Description
The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email.
How to fix CVE-2014-9472
To remediate CVE-2014-9472, upgrade the affected package to one of the fixed versions listed below.
- Debian/request-tracker3.8—upgrade to 3.8.8-7+squeeze8 or later
- Debian/request-tracker4—upgrade to 4.2.8-3 or later
- Debian/request-tracker4—upgrade to 4.0.7-5+deb7u3 or later
Is CVE-2014-9472 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- Debian/request-tracker3.8: from 0, < 3.8.8-7+squeeze8
- Debian/request-tracker4: from 0, < 4.2.8-3
- Debian/request-tracker4: from 0, < 4.0.7-5+deb7u3