CVE-2015-1464
EPSS 0.35%
Description
RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL.
How to fix CVE-2015-1464
To remediate CVE-2015-1464, upgrade the affected package to a fixed version listed below.
- Debian/request-tracker4—upgrade to 4.2.8-3 or later
Is CVE-2015-1464 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4.2.8-3