CVE-2010-3476
OTRS 2.3.x < 2.3.6 and 2.4.x < 2.4.8 - Denial of Service via HTML Email Message
Title source: llmDescription
Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080.
References (6)
Core 6
Core References
Third Party Advisory x_refsource_confirm
http://security-tracker.debian.org/tracker/CVE-2010-2080
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/41381
Vendor Advisory x_refsource_confirm
http://otrs.org/advisory/OSA-2010-02-en/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/61869
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/43264
Scores
EPSS
0.0252
EPSS Percentile
83.0%
Details
CWE
CWE-20
Status
published
Products (12)
otrs/otrs
2.3.1
otrs/otrs
2.3.2
otrs/otrs
2.3.3
otrs/otrs
2.3.4
otrs/otrs
2.3.5
otrs/otrs
2.4.1
otrs/otrs
2.4.2
otrs/otrs
2.4.3
otrs/otrs
2.4.4
otrs/otrs
2.4.5
... and 2 more
Published
Sep 20, 2010
Tracked Since
Feb 18, 2026