Summary
This host is installed with OTRS (Open Ticket Request System) and is prone to cryptographic entropy weakness.
Impact
Successful exploitation will allow remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations.
Impact Level: Application
Solution
Upgrade to OTRS (Open Ticket Request System) version 2.2.5, or 2.3.0-beta1 or later, For updates refer to http://www.otrs.com/en/
Insight
An error exists in S/MIME feature which does not properly configure the RANDFILE environment variable for OpenSSL
Affected
OTRS (Open Ticket Request System) version before 2.2.5, and 2.3.x before 2.3.0-beta1
Detection
Get the installed version of OTRS with the help of detect NVT and check the version is vulnerable or not.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-7278 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- Apache ActiveMQ 'Cron Jobs' Cross Site Scripting Vulnerability