CVE-2010-3476
Published 2010-09-20
CVE-2010-3476: Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML…
Priority: P4 · 19 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 2.52% (82.8th percentile)
Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | otrs2 | < otrs2 2.4.8+dfsg1-1 (bullseye) | otrs2 2.4.8+dfsg1-1 (bullseye) |
| otrs | otrs | — | — |
CVSS provenance
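| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 3.5 | LOW | |
| vendor_debian | | 3.5 | LOW | |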
Debian
CVE-2010-3476: otrs2 - Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does...
vendor_debian·2010·CVSS 3.5
Scope: local
bullseye: resolved (fixed in 2.4.8+dfsg1-1)
GHSA
GHSA-99jw-r98g-wv3r: Open Ticket Request System (OTRS) 2
ghsa_unreviewed·2022-05-17·CVSS 3.5
CVE-2010-3476 [LOW] CWE-20 GHSA-99jw-r98g-wv3r: Open Ticket Request System (OTRS) 2
OSV
CVE-2010-3476: Open Ticket Request System (OTRS) 2
osv·2010-09-20·CVSS 3.5
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-2080 CVE-2010-3476 otrs: multiple XSS vulnerabilities, DoS vulnerability
bugzilla·2010-09-20·CVSS 3.5
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2080 to
the following vulnerability:
Name: CVE-2010-2080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2080
Assigned: 20100526
Reference: CONFIRM: http://otrs.org/advisory/OSA-2010-02-en/
Reference: CONFIRM: http://security-tracker.debian.org/tracker/CVE-2010-2080
Reference: BID:43264
Reference: URL: http://www.securityfocus.com/bid/43264
Reference: SECUNIA:41381
Reference: URL: http://secunia.com/advisories/41381
Reference: XF:otrs-unspecified-xss(61868)
Reference: URL: http://xforce.iss.net/xforce/xfdb/61868
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket
Request System (OTRS) 2.3.x before 2.3.6 and 2.4.
Bugzilla
CVE-2010-0438 CVE-2010-2080 CVE-2010-3476 CVE-2011-0456 otrs: multiple vulnerabilities [fedora-epel5]
bugzilla·2010-09-20·CVSS 4.3
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=635845
Please note:
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://otrs.org/advisory/OSA-2010-02-en/
http://secunia.com/advisories/41381
http://security-tracker.debian.org/tracker/CVE-2010-2080
http://www.securityfocus.com/bid/43264
https://exchange.xforce.ibmcloud.com/vulnerabilities/61869
Published: 2010-09-20