OTRS SOAP Security Bypass Vulnerability

Summary
OTRS (Open Ticket Request System) is installed on this host and is prone to a security bypass vulnerability.
Impact
Successful exploitation will allow remote attackers to read and modify objects via the OTRS SOAP interface. Impact Level: Application
Solution
Upgrade to OTRS (Open Ticket Request System) version 2.1.8 or 2.2.6 or later. For updates, refer to http://www.otrs.com/en/
Insight
An error exists in the SOAP interface, which fails to properly validate user credentials before performing certain actions.
Affected
OTRS (Open Ticket Request System) version 2.1.0 before 2.1.8 and 2.2.0 before 2.2.6
Detection
Send a crafted HTTP POST request and check whether it is able to get OTRS users.

Updated on 2015-03-25