| VID |
21336 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The osTicket program on the remote Web server, according to its version number, has a denial-of-service vulnerability in the open.php script. osTicket is an open-source support ticket program for Microsoft Windows, Unix and Linux operating systems. Affected versions are vulnerable to a denial-of-service attack if osTicket is configured to receive mail using aliases. A remote attacker could generate a mail loop on the target system by opening a ticket with the support address as the contact e-mail address, which could cause a denial of service on the target system.
* Note: This check relies solely on the version of osTicket on the remote Web server to assess this vulnerability, so this might be a false positive.
* References: http://www.osticket.com/forums/showthread.php?t=301
* Software Affected: osTicket 1.2.7 or earlier; any operating system, any version |
| Recommendation |
No upgrade or patch available as of August 2004.
Upgrade to the latest version of osTicket when a fixed version becomes available from the osTicket Web site at http://www.osticket.com.
As a workaround, configure osTicket to receive mail using POP3. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|