CVE-2010-3476 — Improper Input Validation in Otrs

CWE-20 — Improper Input Validation6 documents5 sources

Severity

5.0MEDIUMNVD

OSV3.5

EPSS

1.4%

top 19.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Otrs2 Otrs

Timeline

PublishedSep 20

Latest updateMay 17

Description

Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/otrs2< otrs2 2.4.8+dfsg1-1 (bullseye)

▶NVDotrs/otrs12 versions+11

🔴Vulnerability Details

GHSA

GHSA-99jw-r98g-wv3r: Open Ticket Request System (OTRS) 2↗2022-05-17

▶

OSV

CVE-2010-3476: Open Ticket Request System (OTRS) 2↗2010-09-20

▶

📋Vendor Advisories

Debian

CVE-2010-3476: otrs2 - Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does...↗2010

▶

💬Community

Bugzilla

CVE-2010-2080 CVE-2010-3476 otrs: multiple XSS vulnerabilities, DoS vulnerability↗2010-09-20

▶

Bugzilla

CVE-2010-0438 CVE-2010-2080 CVE-2010-3476 CVE-2011-0456 otrs: multiple vulnerabilities [fedora-epel5]↗2010-09-20

▶