CVE-2011-0456
Published 2011-03-11
Priority P347 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 3.00% (85.7th percentile)
webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability."
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | otrs2 | < otrs2 2.4.5-1 (bullseye) | otrs2 2.4.5-1 (bullseye) |
| otrs | otrs | <= 2.3.4 | — |
CVSS provenance
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 · HIGH
vendor_debian · 7.5 · HIGH
GHSA
GHSA-c64g-c9hj-gqhg: webscript
ghsa_unreviewed·2022-05-17
CVE-2011-0456 [HIGH] CWE-78 GHSA-c64g-c9hj-gqhg: webscript
OSV
CVE-2011-0456: webscript
osv·2011-03-11·CVSS 7.5
CVE-2011-0456 [HIGH] CVE-2011-0456: webscript
Debian
CVE-2011-0456: otrs2 - webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remot...
vendor_debian·2011·CVSS 7.5
CVE-2011-0456 [HIGH] CVE-2011-0456: otrs2 - webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remot...
Scope: local
bullseye: resolved (fixed in 2.4.5-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-0456 otrs: arbitrary command execution flaw
bugzilla·2011-03-17·CVSS 7.5
CVE-2011-0456 [HIGH] CVE-2011-0456 otrs: arbitrary command execution flaw
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-0456 to
the following vulnerability:
Name: CVE-2011-0456
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0456
Assigned: 20110114
Reference: http://jvn.jp/en/jp/JVN73162541/index.html
Reference: http://jvndb.jvn.jp/jvndb/JVNDB-2011-000019
Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote
attackers to execute arbitrary commands via unspecified vectors,
related to a "command injection vulnerability."
I asked upstream about this and the only information they provided is that OTRS versions greater than 2.3.4 are not affected (have the fix). Request for clarification on whether this only affected 2.3.4, or how far back it went, or what was the
Bugzilla
CVE-2010-0438 CVE-2010-2080 CVE-2010-3476 CVE-2011-0456 otrs: multiple vulnerabilities [fedora-epel5]
bugzilla·2010-09-20·CVSS 4.3
CVE-2010-0438 [MEDIUM] CVE-2010-0438 CVE-2010-2080 CVE-2010-3476 CVE-2011-0456 otrs: multiple vulnerabilities [fedora-epel5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=635845
Please note:
References
http://jvn.jp/en/jp/JVN73162541/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000019
http://secunia.com/advisories/43960
https://hermes.opensuse.org/messages/7797670