Summary
This host is running OTRS (Open Ticket Request System) and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow remote users to obtain potentially sensitive image information by reading a forwarded message from an e-mail client.
Impact Level: Application
Solution
Upgrade to OTRS (Open Ticket Request System) version 2.4.7 or later. For updates, refer to http://www.otrs.com/en/
Insight
An error exists in the AgentTicketForward feature, which fails to remove inline images from HTML e-mail messages.
Affected
OTRS (Open Ticket Request System) versions before 2.4.7
Detection
Get the installed version of OTRS with the help of the detection NVT and check whether the version is vulnerable.
Severity
Classification
- CVE: CVE-2010-4766
- CVSS Base Score: 4.3
- CVSS Base Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N