VIR Vulnerability Intelligence Relay

CVE-2011-1007

low
Published 2011-02-28 ยท Modified 2026-04-29
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
2.1

Description

Best Practical Solutions RT before 3.8.9 does not perform certain redirect actions upon a login, which allows physically proximate attackers to obtain credentials by resubmitting the login form via the back button of a web browser on an unattended workstation after an RT logout.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact
VendorProductVersionsFixed
bestpracticalrt{"endIncluding":"3.8.9"}
bestpracticalrt1.0.0
bestpracticalrt1.0.1
bestpracticalrt1.0.2
bestpracticalrt1.0.3
bestpracticalrt1.0.4
bestpracticalrt1.0.5
bestpracticalrt1.0.6
bestpracticalrt1.0.7
bestpracticalrt2.0.0
bestpracticalrt2.0.1
bestpracticalrt2.0.2
bestpracticalrt2.0.3
bestpracticalrt2.0.4
bestpracticalrt2.0.5
bestpracticalrt2.0.5.1
bestpracticalrt2.0.5.3
bestpracticalrt2.0.6
bestpracticalrt2.0.7
bestpracticalrt2.0.8
bestpracticalrt2.0.8.2
bestpracticalrt2.0.9
bestpracticalrt2.0.11
bestpracticalrt2.0.12
bestpracticalrt2.0.13
bestpracticalrt2.0.14
bestpracticalrt2.0.15
bestpracticalrt3.0.0
bestpracticalrt3.0.1
bestpracticalrt3.0.2
bestpracticalrt3.0.3
bestpracticalrt3.0.4
bestpracticalrt3.0.5
bestpracticalrt3.0.6
bestpracticalrt3.0.7
bestpracticalrt3.0.7.1
bestpracticalrt3.0.8
bestpracticalrt3.0.9
bestpracticalrt3.0.10
bestpracticalrt3.0.11
bestpracticalrt3.0.12
bestpracticalrt3.2.0
bestpracticalrt3.2.1
bestpracticalrt3.2.2
bestpracticalrt3.2.3
bestpracticalrt3.4.0
bestpracticalrt3.4.1
bestpracticalrt3.4.2
bestpracticalrt3.4.3
bestpracticalrt3.4.4
bestpracticalrt3.4.5
bestpracticalrt3.4.6
bestpracticalrt3.6.0
bestpracticalrt3.6.1
bestpracticalrt3.6.2
bestpracticalrt3.6.3
bestpracticalrt3.6.4
bestpracticalrt3.6.5
bestpracticalrt3.6.6
bestpracticalrt3.6.7
bestpracticalrt3.6.8
bestpracticalrt3.6.9
bestpracticalrt3.8.0
bestpracticalrt3.8.1
bestpracticalrt3.8.2
bestpracticalrt3.8.3
bestpracticalrt3.8.4
bestpracticalrt3.8.5
bestpracticalrt3.8.6
bestpracticalrt3.8.7
bestpracticalrt3.8.8
bestpracticalrt3.8.9

References

CWEs

CWE-255

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.