OTRS 'AdminPackageManager.pm' Local File Disclosure Vulnerability Network Vulnerability

Summary

OTRS is prone to a local file-disclosure vulnerability

Impact

Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application. This may aid in further attacks. Impact Level: Application

Solution

Updates are available. Please see the references for more information.

Insight

An error exists in application which fails to adequately validate user-supplied input.

Affected

Open Ticket Request System (OTRS) version 2.4.x before 2.4.11 and 3.x before 3.0.8

Detection

Get the installed version of OTRS with the help of detect NVT and check the version is vulnerable or not.

References

http://otrs.org/
http://otrs.org/advisory/OSA-2011-03-en/
http://www.securityfocus.com/bid/49251

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-2746

CVSS	Base Score: 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N

Related Vulnerabilities

Apache Subversion Module Metadata Accessible
AN Guestbook Local File Inclusion Vulnerability
Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
/cgi-bin directory browsable ?

Take action and discover your vulnerabilities