CVE-2010-4767
published 2011-03-18CVE-2010-4767: Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with…
PriorityP420medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
1.69%
74.2th percentile
Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox.
Affected
53 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | otrs2 | < otrs2 2.4.5-1 (bullseye) | otrs2 2.4.5-1 (bullseye) |
| otrs | otrs | <= 2.3.5 | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2010-4767: otrs2 - Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail m...
vendor_debian·2010·CVSS 5.0
CVE-2010-4767 [MEDIUM] CVE-2010-4767: otrs2 - Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail m...
Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox.
Scope: local
bullseye: resolved (fixed in 2.4.5-1)
GHSA
GHSA-w9x9-fc49-2chx: Open Ticket Request System (OTRS) before 2
ghsa_unreviewed·2022-05-17
CVE-2010-4767 [MEDIUM] CWE-20 GHSA-w9x9-fc49-2chx: Open Ticket Request System (OTRS) before 2
Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox.
OSV
CVE-2010-4767: Open Ticket Request System (OTRS) before 2
osv·2011-03-18·CVSS 5.0
CVE-2010-4767 [MEDIUM] CVE-2010-4767: Open Ticket Request System (OTRS) before 2
Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox.
No detection rules found.
No public exploits indexed.
2011-03-18
Published