CVE-2010-4767 — Improper Input Validation in Otrs

CWE-20 — Improper Input Validation5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 30.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Otrs2 Otrs

Timeline

PublishedMar 18

Latest updateMay 17

Description

Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/otrs2< otrs2 2.4.5-1 (bullseye)

▶NVDotrs/otrs2.3.5+51

🔴Vulnerability Details

GHSA

GHSA-w9x9-fc49-2chx: Open Ticket Request System (OTRS) before 2↗2022-05-17

▶

OSV

CVE-2010-4767: Open Ticket Request System (OTRS) before 2↗2011-03-18

▶

📋Vendor Advisories

Debian

CVE-2010-4767: otrs2 - Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail m...↗2010

▶

💬Community

Bugzilla

CVE-2010-0438 CVE-2010-2080 CVE-2010-3476 CVE-2011-0456 otrs: multiple vulnerabilities [fedora-epel5]↗2010-09-20

▶