osTicket open.php Support Address Crafted Mail Loop Remote DoS

high Nessus Plugin ID 13859

Language:

Synopsis

The remote host may be vulnerable to a denial of service.

Description

The target is running at least one instance of osTicket 1.2.7 or earlier. Such versions are subject to a denial of service attack in open.php if osTicket is configured to receive mails using aliases. If so, a remote attacker can generate a mail loop on the target by opening a ticket with the support address as the contact email address. For details, see :

- http://www.nessus.org/u?a1aa7bab

***** Nessus has determined the vulnerability exists on the target
***** simply by looking at the version number(s) of osTicket installed
***** there. It has no way of knowing which method osTicket uses to
***** retrieve mail.

Solution

Configure osTicket to receive mail using POP3.

Plugin Details

Severity: High

ID: 13859

File Name: osticket_support_address_dos.nasl

Version: 1.13

Type: remote

Family: CGI abuses

Published: 7/30/2004

Updated: 8/15/2022

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

Required KB Items: www/osticket

Detections

Analytics