Nessus Plugin #13859
Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.
osTicket Support Address DoS
- Family: Denial of Service
- Category: infos
- Copyright: This script is Copyright (C) 2004 George A. Theall
- Summary: Checks for Support Address DoS osTicket
- Version: $Revision: 1.2 $
- Cve_id: -
- Bugtraq_id: -
- Xrefs: -
- Description:
The target is running at least one instance of osTicket 1.2.7 or
earlier. Such versions are subject to a denial of service attack in
open.php if osTicket is configured to receive mails using aliases. If
so, a remote attacker can generate a mail loop on the target by opening
a ticket with the support address as the contact email address. For
details, see :
- http://www.osticket.com/forums/showthread.php?t=301
***** Nessus has determined the vulnerability exists on the target
***** simply by looking at the version number(s) of osTicket installed
***** there. It has no way of knowing which method osTicket uses to
***** retrieve mail.
Solution : Configure osTicket to receive mail using POP3.
Risk factor : None / High
Generated on 27.04.2005 at 18:49:54.