CVE-2010-3476 - Vulnerability Details - OpenCVE

Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Otrs	Otrs

Configuration 1 [-]

OR	cpe:2.3:a:otrs:otrs:2.3.1:::::::*
	cpe:2.3:a:otrs:otrs:2.3.2:::::::*
	cpe:2.3:a:otrs:otrs:2.3.3:::::::*
	cpe:2.3:a:otrs:otrs:2.3.4:::::::*
	cpe:2.3:a:otrs:otrs:2.3.5:::::::*
	cpe:2.3:a:otrs:otrs:2.4.1:::::::*
	cpe:2.3:a:otrs:otrs:2.4.2:::::::*
	cpe:2.3:a:otrs:otrs:2.4.3:::::::*
	cpe:2.3:a:otrs:otrs:2.4.4:::::::*
	cpe:2.3:a:otrs:otrs:2.4.5:::::::*
	cpe:2.3:a:otrs:otrs:2.4.6:::::::*
	cpe:2.3:a:otrs:otrs:2.4.7:::::::*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://otrs.org/advisory/OSA-2010-02-en/
http://secunia.com/advisories/41381
http://security-tracker.debian.org/tracker/CVE-2010-2080
http://www.securityfocus.com/bid/43264
https://exchange.xforce.ibmcloud.com/vulnerabilities/61869

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-09-20T21:00:00

Updated: 2024-08-07T03:11:44.286Z

Reserved: 2010-09-20T00:00:00

Link: CVE-2010-3476

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-09-20T22:00:04.673

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-3476

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-09-15T00:00:00", "descriptions": [{"lang": "en", "value": "Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://security-tracker.debian.org/tracker/CVE-2010-2080"}, {"name": "41381", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/41381"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://otrs.org/advisory/OSA-2010-02-en/"}, {"name": "otrs-regexpression-dos(61869)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61869"}, {"name": "SUSE-SR:2010:024", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"}, {"name": "43264", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/43264"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3476", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://security-tracker.debian.org/tracker/CVE-2010-2080", "refsource": "CONFIRM", "url": "http://security-tracker.debian.org/tracker/CVE-2010-2080"}, {"name": "41381", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41381"}, {"name": "http://otrs.org/advisory/OSA-2010-02-en/", "refsource": "CONFIRM", "url": "http://otrs.org/advisory/OSA-2010-02-en/"}, {"name": "otrs-regexpression-dos(61869)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61869"}, {"name": "SUSE-SR:2010:024", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"}, {"name": "43264", "refsource": "BID", "url": "http://www.securityfocus.com/bid/43264"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:11:44.286Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://security-tracker.debian.org/tracker/CVE-2010-2080"}, {"name": "41381", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/41381"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://otrs.org/advisory/OSA-2010-02-en/"}, {"name": "otrs-regexpression-dos(61869)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61869"}, {"name": "SUSE-SR:2010:024", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"}, {"name": "43264", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/43264"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3476", "datePublished": "2010-09-20T21:00:00", "dateReserved": "2010-09-20T00:00:00", "dateUpdated": "2024-08-07T03:11:44.286Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:otrs:otrs:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "55F536B9-11F6-4F3F-9293-25D23F987C9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "CD6DF09D-A8D8-4C77-A4C9-46BD570C2CE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "D7ECE7F6-7A82-420C-A440-522331667B43", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "6C66917F-135E-464E-916F-FD6B5A701E65", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "C0002581-086A-4CB7-9408-8FA52BD03D28", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "724A9C40-AE96-4AD5-BEB2-6C496F4C361D", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "8AA5A554-016E-4CFB-A809-991B6902C3FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "3821A8EF-ED18-49DD-BF52-DFDD982E35C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "B41C77DB-BC99-4C50-BD86-FECB44ACF0A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C9D7CBCB-F4B8-4ACC-86C8-E45358F48697", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs:2.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "CB4EAE42-96BD-4B25-BFCC-6CFBF08F339C", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:otrs:2.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "A07A35A7-55A5-4E78-98F8-38B1F3D4DA72", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080."}, {"lang": "es", "value": "Open Ticket Request System (OTRS) v2.3.x anteriores a v2.3.6 y v2.4.x anteriores a v2.4.8 no controla correctamente la adecuaci\u00f3n de las expresiones regulares de Perl contra los mensajes de correo electr\u00f3nico HTML, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de un mensaje grande, es una vulnerabilidad distinta a CVE-2010-2080."}], "id": "CVE-2010-3476", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-09-20T22:00:04.673", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://otrs.org/advisory/OSA-2010-02-en/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/41381"}, {"source": "cve@mitre.org", "url": "http://security-tracker.debian.org/tracker/CVE-2010-2080"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/43264"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61869"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://otrs.org/advisory/OSA-2010-02-en/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/41381"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security-tracker.debian.org/tracker/CVE-2010-2080"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/43264"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61869"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}