Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30666
HistoryMay 05, 2014 - 12:00 a.m.

[SECURITY] [DSA 2867-1] otrs2 security update

2014-05-0500:00:00
vulners.com
18
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Debian Security Advisory DSA-2867-1 [email protected]
http://www.debian.org/security/ Salvatore Bonaccorso
February 23, 2014 http://www.debian.org/security/faq

Package : otrs2
Vulnerability : several
CVE ID : CVE-2014-1471 CVE-2014-1694

Several vulnerabilities were discovered in otrs2, the Open Ticket
Request System. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2014-1471

Norihiro Tanaka reported missing challenge token checks. An attacker
that managed to take over the session of a logged in customer could
create tickets and/or send follow-ups to existing tickets due to
these missing checks.

CVE-2014-1694

Karsten Nielsen from Vasgard GmbH discovered that an attacker with a
valid customer or agent login could inject SQL code through the
ticket search URL.

For the oldstable distribution (squeeze), these problems have been fixed in
version 2.4.9+dfsg1-3+squeeze5.

For the stable distribution (wheezy), these problems have been fixed in
version 3.1.7+dfsg1-8+deb7u4.

For the testing distribution (jessie) and the unstable distribution
(sid), these problems have been fixed in version 3.3.4-1.

We recommend that you upgrade your otrs2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJTClzdAAoJEAVMuPMTQ89EkjoP/RbBPM2R1xYqnVkV4Wf9njsJ
IKTBGnER1miZ6PlDq6YCxKNkWTLBfflLf4AvpkX7kH6Frh19o6FJYxQ1/qvESfJh
zuuOT2fi5b66C2XhYXzsAJ+0fCcnCJSrBcWB8vwhrCqICptwp4TzIQ5WAzBRB3pL
cA/DRM/UgT+jZXb68cl27zOJL0D9E8MnOpSImrjh3+Sz3dgeG2UOmE8ZLcaGagDk
04dS5LDEOGRwIjC4+vKU113M4KWW5waP3PgChwBZwr3rjYFo69pZT619QYxoP70g
mZtKem30AHBFflqDhhN4b5POtRGpq9WLH3iDNK7RO7DyeE2gs+QN5C5w6Anw8IgH
4ePu4gWwru4F3lCu6jRc06MKqxy35tJLZvcsQY/IOKhV3e1YxfmOuNqEk0VqWCEG
rWwOrNaAcRGBE9FFLYsCSFCrkbkrkb/BP6Lz7QZrxRUhz23M1Qj6SKJr3zPX9FPc
yCaKn+zhC7tW9gub7Ko0KPv4e5IQJBaBVnnx8ls2c71PQi1RZ9A6a2sdMi8Queir
3fzGK0+pxBcqX1OHHlU3/ScVAAZRBGvLcL8CY23l36wIJ0DSEfnkvQtIVlhk/axZ
n40aczl/oAYzU4WmR7iESAA0eNYkUDiR3WyT66Df5Ipq0WXOk8P4826/fhkmM94J
Qi2eEVijIJqIo/HjZ51Z
=/RNB
-----END PGP SIGNATURE-----

Related

nessus 2
debian 2
osv 1
openvas 4
mageia 1
ubuntucve 2
cve 2
prion 2
debiancve 2
freebsd 1
securityvulns 1
nessus
nessus
Debian DSA-2867-1 : otrs2 - several vulnerabilities
2014-02-24 00:00:00
FreeBSD : otrs -- multiple vulnerabilities (c7b5d72b-886a-11e3-9533-60a44c524f57)
2014-01-29 00:00:00
debian
debian
[SECURITY] [DSA 2867-1] otrs2 security update
2014-02-23 20:42:01
[SECURITY] [DSA 2867-1] otrs2 security update
2014-02-23 20:42:01
osv
osv
otrs2 - several
2014-02-23 00:00:00
openvas
openvas
Debian Security Advisory DSA 2867-1 (otrs2 - several vulnerabilities)
2014-02-23 00:00:00
Debian: Security Advisory (DSA-2867-1)
2014-02-22 00:00:00
OTRS Multiple Vulnerabilities (OSA-2014-01, OSA-2014-02)
2014-02-07 00:00:00
mageia
mageia
Updated otrs packages fix security vulnerabilities and a missing dependency
2014-02-26 01:22:39
ubuntucve
ubuntucve
CVE-2014-1694
2014-02-04 00:00:00
CVE-2014-1471
2014-02-04 00:00:00
cve
cve
CVE-2014-1694
2014-02-04 21:55:00
CVE-2014-1471
2014-02-04 21:55:00
prion
prion
Sql injection
2014-02-04 21:55:00
Cross site request forgery (csrf)
2014-02-04 21:55:00
debiancve
debiancve
CVE-2014-1694
2014-02-04 21:55:00
CVE-2014-1471
2014-02-04 21:55:00
freebsd
freebsd
otrs -- multiple vulnerabilities
2014-01-28 00:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2014-05-05 00:00:00
JSON
Related for SECURITYVULNS:DOC:30666
nessus2debian2osv1openvas4mageia1ubuntucve2cve2prion2debiancve2freebsd1securityvulns1