Bug 337994 (CVE-2010-2080) - www-apps/otrs: Multiple Vulnerabilities (CVE-2010-2080)
Summary: www-apps/otrs: Multiple Vulnerabilities (CVE-2010-2080)
Status: RESOLVED DUPLICATE of bug 337755
Alias: CVE-2010-2080
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High trivial
Assignee: Gentoo Security
URL: http://otrs.org/advisory/OSA-2010-02-en/
Whiteboard: ~3 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-09-19 05:20 UTC by Tim Sammut (RETIRED)
Modified: 2010-09-19 05:23 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Description Tim Sammut (RETIRED) gentoo-dev 2010-09-19 05:20:36 UTC
From $URL:

Multiple Cross Site Scripting issues

  Missing HTML quoting allows authenticated agents or customers to inject
  HTML tags.

  This vulnerability allows an attacker to inject script code
  into the OTRS web-interface which will be loaded and executed
  in the browsers of system users.

Possible Denial of Service Attack

  Perl's regular expressions consume 100% CPU time on the server
  if an agent or customer views an affected article.

  To exploit this vulnerability the malicious user needs to send
  extremely large HTML emails to your system address.

Affected by these vulnerabilities are all releases of OTRS 2.3.x and 2.4.x up
to and including 2.4.7.
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2010-09-19 05:23:00 UTC

*** This bug has been marked as a duplicate of bug 337755 ***