Vigil@nce - OTRS 2.x: five vulnerabilities
March 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
Five vulnerabilities in Open Ticket Request System can be used by
an attacker to cause a denial of service or to obtain information.
Severity: 2/4
Creation date: 22/03/2011
IMPACTED PRODUCTS
– OTRS
DESCRIPTION OF THE VULNERABILITY
Five vulnerabilities were announced in Open Ticket Request System.
OTRS versions before branch 3 allow an attacker to run a full-text
search spanning several years, in order to cause a denial of
service. [severity:2/4; 1639, CVE-2010-4759]
OTRS versions before branch 3 allow an attacker to read the
field email-notification-ext, in order to obtain an email address.
[severity:1/4; 5975, CVE-2010-4760]
OTRS versions before branch 3 allow an attacker to obtain
information in the print dialog. [severity:1/4; 5875,
CVE-2010-4761]
OTRS versions before branch 3 allow an attacker to trigger a
Cross Site Scripting in the rich-text-editor component.
[severity:2/4; 5724, CVE-2010-4762]
OTRS versions before branch 3 allow an attacker to use AJAX
in order to bypass ACL. [severity:2/4; 4399, CVE-2010-4763]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/OTRS-2-x-five-vulnerabilities-10478