CVE-2024-43445 Missing X-Content-Type-Options: nosniff Header Allows MIME Type Sniffing

🗓️ 27 Jan 2025 05:58:11Reported by OTRSType

Vulnerability in OTRS missing X-Content-Type-Options header allows MIME type sniffing attacks.

Reporter	Title	Published	Views	Family All 9
BDU FSTEC	The vulnerability of the OTRS request processing system, related to incorrect handling of HTTP request headers, allows a hacker to upload arbitrary files.	10 Feb 202500:00	–	bdu_fstec
Circl	CVE-2024-43445	27 Jan 202506:16	–	circl
CNNVD	OTRS 安全漏洞	27 Jan 202500:00	–	cnnvd
CVE	CVE-2024-43445	27 Jan 202505:58	–	cve
EUVD	EUVD-2024-40417	3 Oct 202520:07	–	euvd
NVD	CVE-2024-43445	27 Jan 202506:15	–	nvd
Positive Technologies	PT-2025-2647 · Unknown +1 · Otrs Community Edition +1	13 Aug 202400:00	–	ptsecurity
SUSE CVE	SUSE CVE-2024-43445	28 Jan 202500:23	–	susecve
Vulnrichment	CVE-2024-43445 Missing X-Content-Type-Options: nosniff Header Allows MIME Type Sniffing	27 Jan 202505:58	–	vulnrichment

[
  {
    "defaultStatus": "affected",
    "product": "OTRS",
    "vendor": "OTRS AG",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.x"
      },
      {
        "status": "affected",
        "version": "8.0.x"
      },
      {
        "status": "affected",
        "version": "2023.x"
      },
      {
        "status": "affected",
        "version": "2024.x"
      },
      {
        "lessThan": "2025.1.x",
        "status": "affected",
        "version": "2025.x",
        "versionType": "Patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "((OTRS)) Community Edition",
    "vendor": "OTRS AG",
    "versions": [
      {
        "lessThanOrEqual": "6.0.34",
        "status": "affected",
        "version": "6.0.x",
        "versionType": "All"
      }
    ]
  }
]

Source	Link
otrs	www.otrs.com/release-notes/otrs-security-advisory-2025-01/

27 Jan 2025 05:58Current

CVSS 3.15.4

EPSS0.00141

CWE-20

vulnerability otrs x-content-type-options mime type sniffing