Vulnerability Details : CVE-2010-3476
Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080.
Vulnerability category: Input validationDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-3476
Probability of exploitation activity in the next 30 days: 2.28%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-3476
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2010-3476
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3476
-
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:024
-
http://otrs.org/advisory/OSA-2010-02-en/
404 Page | OTRSVendor Advisory
-
http://security-tracker.debian.org/tracker/CVE-2010-2080
CVE-2010-2080
-
http://www.securityfocus.com/bid/43264
OTRS Core System Multiple Cross-Site Scripting and Denial of Service Vulnerabilities
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/61869
OTRS regular expression denial of service CVE-2010-3476 Vulnerability Report
Products affected by CVE-2010-3476
- cpe:2.3:a:otrs:otrs:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:otrs:otrs:2.4.7:*:*:*:*:*:*:*