CVE-2014-9472

The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted email.

Published: Mar 9, 2015
Updated: Nov 9, 2025
CVE: CVE-2014-9472
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.1
AV:N/AC:M/Au:N/C:N/I:N/A:C

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
debian / debian_linux	7.0	7.0.x
fedoraproject / fedora	22	22.x
fedoraproject / fedora	21	21.x
bestpractical / request_tracker	4.2.3	4.2.3.x
bestpractical / request_tracker	4.2.6	4.2.6.x
bestpractical / request_tracker	4.0.18	4.0.18.x
bestpractical / request_tracker	3.8.15	3.8.15.x
bestpractical / request_tracker	4.0.0	4.0.0.x
bestpractical / request_tracker	4.0.6	4.0.6.x
bestpractical / request_tracker	4.0.7	4.0.7.x
bestpractical / request_tracker	4.0.17	4.0.17.x
bestpractical / request_tracker	4.0.21	4.0.21.x
bestpractical / request_tracker	4.0.22	4.0.22.x
bestpractical / request_tracker	3.8.16	3.8.16.x
bestpractical / request_tracker	4.0.5	4.0.5.x
bestpractical / request_tracker	4.2.2	4.2.2.x
bestpractical / request_tracker	3.8.7	3.8.7.x
bestpractical / request_tracker	4.0.15	4.0.15.x
bestpractical / request_tracker	4.2.7	4.2.7.x
bestpractical / request_tracker	4.2.0	4.2.0.x
bestpractical / request_tracker	3.6.8	3.6.8.x
bestpractical / request_tracker	4.0.1	4.0.1.x
bestpractical / request_tracker	4.0.2	4.0.2.x
bestpractical / request_tracker	4.0.10	4.0.10.x
bestpractical / request_tracker	3.8.17	3.8.17.x
bestpractical / request_tracker	4.0.9	4.0.9.x
bestpractical / request_tracker	4.0.14	4.0.14.x
bestpractical / request_tracker	4.0.4	4.0.4.x
bestpractical / request_tracker	3.8.14	3.8.14.x
bestpractical / request_tracker	4.2.5	4.2.5.x
bestpractical / request_tracker	4.0.11	4.0.11.x
bestpractical / request_tracker	4.2.4	4.2.4.x
bestpractical / request_tracker	3.6.10	3.6.10.x
bestpractical / request_tracker	3.8.9	3.8.9.x
bestpractical / request_tracker	3.8.10	3.8.10.x
bestpractical / request_tracker	3.8.13	3.8.13.x
bestpractical / request_tracker	4.0.12	4.0.12.x
bestpractical / request_tracker	4.2.8	4.2.8.x
bestpractical / request_tracker	4.2.9	4.2.9.x
bestpractical / request_tracker	4.0.19	4.0.19.x
bestpractical / request_tracker	4.0.13	4.0.13.x
bestpractical / request_tracker	3.8.11	3.8.11.x
bestpractical / request_tracker	3.8.12	3.8.12.x
bestpractical / request_tracker	4.0.8	4.0.8.x
bestpractical / request_tracker	4.2.1	4.2.1.x
bestpractical / request_tracker	4.0.3	4.0.3.x
bestpractical / request_tracker	3.8.4	3.8.4.x
bestpractical / request_tracker	4.0.16	4.0.16.x
bestpractical / request_tracker	3.6.11	3.6.11.x
bestpractical / request_tracker	3.8.3	3.8.3.x
bestpractical / request_tracker	4.0.20	4.0.20.x

Vulnerability Database

299,879

CVE-2014-9472

Deep Security Visibility Without the Complexity