CVE-2010-3476: Input Validation
First published: Mon Sep 20 2010(Updated: )
Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Otrs Otrs | =2.4.1 | |
| Otrs Otrs | =2.4.5 | |
| Otrs Otrs | =2.3.5 | |
| Otrs Otrs | =2.3.4 | |
| Otrs Otrs | =2.4.6 | |
| Otrs Otrs | =2.3.3 | |
| Otrs Otrs | =2.4.3 | |
| Otrs Otrs | =2.3.1 | |
| Otrs Otrs | =2.4.4 | |
| Otrs Otrs | =2.4.2 | |
| Otrs Otrs | =2.3.2 | |
| Otrs Otrs | =2.4.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://security-tracker.debian.org/tracker/CVE-2010-2080
- http://otrs.org/advisory/OSA-2010-02-en/
- http://secunia.com/advisories/41381
- http://www.securityfocus.com/bid/43264
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61869
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-historical
- collector/nvd-index
- vendor/otrs
- canonical/otrs otrs
- version/otrs otrs/2.4.1
- version/otrs otrs/2.4.5
- version/otrs otrs/2.3.5
- version/otrs otrs/2.3.4
- version/otrs otrs/2.4.6
- version/otrs otrs/2.3.3
- version/otrs otrs/2.4.3
- version/otrs otrs/2.3.1
- version/otrs otrs/2.4.4
- version/otrs otrs/2.4.2
- version/otrs otrs/2.3.2
- version/otrs otrs/2.4.7