OTRS Key Revocation Spoofing Weakness Vulnerability Network Vulnerability

Summary

This host is installed with OTRS (Open Ticket Request System) and is prone to spoofing weakness vulnerability.

Impact

Successful exploitation will allow remote attackers to spoof e-mail communication by leveraging a key that has a revocation signature. Impact Level: Application

Solution

Upgrade to OTRS (Open Ticket Request System) version 2.4.10 or 3.0.3 or later, For updates refer to http://www.otrs.com/en/

Insight

An error exists in the application which fails to present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys

Affected

OTRS (Open Ticket Request System) version before 2.4.10 and 3.x before 3.0.3

Detection

Get the installed version of OTRS with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.org/74099

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4764

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apple Safari Multiple Vulnerabilities
Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
3Com NBX VoIP NetSet Detection
Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities

Take action and discover your vulnerabilities