4 matches found
Debian DSA-4069-1 : otrs2 - security update
Francesco Sirocco discovered a flaw in otrs2, the Open Ticket Request System, which could result in session information disclosure when cookie support is disabled. A remote attacker can take advantage of this flaw to take over an agent's session if the agent is tricked into clicking a link in a...
[SECURITY] [DLA 1215-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1deb7u3 CVE ID : CVE-2017-17476 Debian Bug : 884801 Francesco Sirocco discovered a flaw in otrs2, the Open Ticket Request System, which could result in session information disclosure when cookie support is disabled. A remote attacker can take advantage of this fla...
CVE-2017-17476
The CVE-2017-17476 affects Open Ticket Request System (OTRS) 4.0.x < 4.0.28, 5.0.x < 5.0.26, and 6.0.x
CVE-2017-17476
Open Ticket Request System OTRS 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email...