CVE-2010-3476

OTRS 2.3.x < 2.3.6 and 2.4.x < 2.4.8 - Denial of Service via HTML Email Message

Title source: llm
STIX 2.1

Description

Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080.

References (6)

Core 6
Core References
Third Party Advisory x_refsource_confirm
http://security-tracker.debian.org/tracker/CVE-2010-2080
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41381
Vendor Advisory x_refsource_confirm
http://otrs.org/advisory/OSA-2010-02-en/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/61869
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/43264

Scores

EPSS 0.0252
EPSS Percentile 83.0%

Details

CWE
CWE-20
Status published
Products (12)
otrs/otrs 2.3.1
otrs/otrs 2.3.2
otrs/otrs 2.3.3
otrs/otrs 2.3.4
otrs/otrs 2.3.5
otrs/otrs 2.4.1
otrs/otrs 2.4.2
otrs/otrs 2.4.3
otrs/otrs 2.4.4
otrs/otrs 2.4.5
... and 2 more
Published Sep 20, 2010
Tracked Since Feb 18, 2026