CRLF Injection Vulnerability in Request Tracker by Best Practical

CVE-2013-3373

What is CVE-2013-3373?

The vulnerability in Request Tracker versions 3.8.x prior to 3.8.17 and 4.0.x prior to 4.0.13 permits remote attackers to inject harmful HTTP headers through manipulation of MIME headers. This can lead to HTTP response splitting attacks, potentially compromising web session integrity and impacting application security.

References