Summary
The target is running at least one instance of osTicket that enables a remote user to open a new ticket with an attachment of unlimited size. An attacker could exploit this vulnerability to cause a denial of service by filling up the filesystem used for attachments.
Solution
Upgrade to osTicket STS 1.2.7 or later.
Severity
Classification
- CVE: CVE-2004-0614
- CVSS Base Score: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
Related Vulnerabilities
- Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
- appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
- Apache Tomcat Information Disclosure Vulnerability
- A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
- Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities